Windows Analysis Report
Lic.exe

Overview

General Information

Sample name:Lic.exe
Analysis ID:1579538
MD5:c5eaff76b3a6615840b4e0bc7e92fbc8
SHA1:73e004370c39788699c010a09638d350a0d8fe1a
SHA256:2316de75234975ef265f843eb585a3b34d875507a6f7506209a7df932de48667
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Lic.exe (PID: 7072 cmdline: "C:\Users\user\Desktop\Lic.exe" MD5: C5EAFF76B3A6615840B4E0BC7E92FBC8)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Lic.exe | ReversingLabs: Detection: 19%
Source: Lic.exe | Virustotal: Detection: 19%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.4% probability
Source: Lic.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE133027C0 CryptQueryObject,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalAlloc,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,0_2_00007FFE133027C0
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13302E35 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,0_2_00007FFE13302E35
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13302E00 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,LocalAlloc,CertFreeCertificateContext,CryptDecodeObject,CertFreeCertificateContext,CertFreeCertificateContext,0_2_00007FFE13302E00
Source: Lic.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: clrjit.pdb source: Lic.exe, 00000000.00000002.1725058787.0000024B719D2000.00000004.00000020.00020000.00000000.sdmp
Source: Lic.exe | String found in binary or memory: https://#/SCClientPing.php#Invalid
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13301D70 0_2_00007FFE13301D70
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13303270 0_2_00007FFE13303270
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE133014D0 0_2_00007FFE133014D0
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFD9B7D6C12 0_2_00007FFD9B7D6C12
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFD9B7D5E66 0_2_00007FFD9B7D5E66
Source: Lic.exe | Binary or memory string: OriginalFilename vs Lic.exe
Source: Lic.exe, 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilename vs Lic.exe
Source: Lic.exe, 00000000.00000002.1724955220.0000024B69201000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Lic.exe
Source: AgileDotNetRT64.dll.0.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine | Classification label: mal60.evad.winEXE@1/2@0/0
Source: C:\Users\user\Desktop\Lic.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Lic.exe.log
Source: C:\Users\user\Desktop\Lic.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\Lic.exe | Mutant created: \Sessions\1\BaseNamedObjects\{37c18af4-686a-4078-aea2-125b9784b6de}
Source: C:\Users\user\Desktop\Lic.exe | File created: C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb
Source: Lic.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Lic.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\Lic.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Users\user\Desktop\Lic.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Lic.exe | ReversingLabs: Detection: 19%
Source: Lic.exe | Virustotal: Detection: 19%
Source: Lic.exe | String found in binary or memory: application/xml)/authorize/stops.xml1/authorize/authorize.xml'www.decisionbar.com
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Lic.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Lic.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: Lic.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Lic.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: clrjit.pdb source: Lic.exe, 00000000.00000002.1725058787.0000024B719D2000.00000004.00000020.00020000.00000000.sdmp
Source: Lic.exe | Static PE information: 0xE66D18D1 [Thu Jul 3 07:44:17 2092 UTC]
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13308C00 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetFileVersionInfoSizeExW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree,0_2_00007FFE13308C00
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13304803 push D84C6147h; ret 0_2_00007FFE1330480C
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE1331F5C5 push 37ED6F56h; ret 0_2_00007FFE1331F5CC
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFD9B7D00BD pushad ; iretd 0_2_00007FFD9B7D00C1
Source: C:\Users\user\Desktop\Lic.exe | File created: C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll
Source: C:\Users\user\Desktop\Lic.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Lic.exe | RDTSC instruction interceptor: First address: 7FFE13301F0F second address: 7FFE13301F90 instructions:
0x00000000 rdtsc
0x00000002 dec eax
0x00000003 shl edx, 20h
0x00000006 dec eax
0x00000007 or eax, edx
0x00000009 dec eax
0x0000000a mov dword ptr [esp+28h], eax
0x0000000e dec eax
0x0000000f mov eax, dword ptr [esp+30h]
0x00000013 dec eax
0x00000014 mov ecx, dword ptr [esp+28h]
0x00000018 dec eax
0x00000019 sub ecx, eax
0x0000001b dec eax
0x0000001c mov eax, ecx
0x0000001e dec eax
0x0000001f add esp, 48h
0x00000022 ret
0x00000023 dec eax
0x00000024 mov dword ptr [00010326h], eax
0x0000002a mov dword ptr [esp+28h], 00000000h
0x00000032 jmp 00007FBCC0E8733Ch
0x00000034 mov eax, dword ptr [esp+50h]
0x00000038 cmp dword ptr [esp+28h], eax
0x0000003c jnl 00007FBCC0E87374h
0x0000003e rdtsc
(The interceptor lists this 64-bit code with a 32-bit disassembler, so each REX.W prefix byte 0x48 shows up as "dec eax"; "dec eax / shl edx, 20h / dec eax / or eax, edx" is shl rdx, 32 / or rax, rdx, which combines the two RDTSC halves into one 64-bit counter, and the following sub computes the elapsed ticks between two readings.)
Source: C:\Users\user\Desktop\Lic.exe | Memory allocated: 24B59170000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Lic.exe | Memory allocated: 24B71200000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13301F40 rdtsc 0_2_00007FFE13301F40
Source: C:\Users\user\Desktop\Lic.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Lic.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll
Source: C:\Users\user\Desktop\Lic.exe TID: 6168 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Lic.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Users\user\Desktop\Lic.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Users\user\Desktop\Lic.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Lic.exe | API call chain: ExitProcess graph end node (graph_0-7283)
Source: C:\Users\user\Desktop\Lic.exe | API call chain: ExitProcess graph end node (graph_0-7288)
Source: C:\Users\user\Desktop\Lic.exe | API call chain: ExitProcess graph end node (graph_0-7303)
Source: C:\Users\user\Desktop\Lic.exe | API call chain: ExitProcess graph end node (graph_0-7294)
Source: C:\Users\user\Desktop\Lic.exe | API call chain: ExitProcess graph end node (graph_0-7265)
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13301F40 rdtsc 0_2_00007FFE13301F40
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13308C00 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetFileVersionInfoSizeExW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree,0_2_00007FFE13308C00
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE133012E0 K32EnumProcessModules,GetProcessHeap,HeapAlloc,EnumProcessModules,K32EnumProcessModules,GetProcessHeap,HeapFree,GetModuleBaseNameA,K32GetModuleBaseNameA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00007FFE133012E0
Source: C:\Users\user\Desktop\Lic.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Lic.exe | Queries volume information: C:\Users\user\Desktop\Lic.exe VolumeInformation
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE13306880 MessageBoxW,GetSystemTimeAsFileTime,CompareFileTime,MessageBoxW,0_2_00007FFE13306880
Source: C:\Users\user\Desktop\Lic.exe | Code function: 0_2_00007FFE133010A0 GetVersionExW,0_2_00007FFE133010A0
Source: C:\Users\user\Desktop\Lic.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (table flattened by extraction; tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact). Techniques shown with a hit count in the matrix: Windows Management Instrumentation, Command and Scripting Interpreter, Native API, DLL Side-Loading, Masquerading, Disable or Modify Tools, Virtualization/Sandbox Evasion, Obfuscated Files or Information, Timestomp, System Time Discovery, Security Software Discovery, System Information Discovery, Archive Collected Data, Encrypted Channel.
Source | Detection | Scanner | Label | Link
Lic.exe | 20% | ReversingLabs | |
Lic.exe | 19% | Virustotal | |
Lic.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | 7% | ReversingLabs | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://#/SCClientPing.php#Invalid | Lic.exe | false | | unknown
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1579538
    Start date and time:2024-12-22 23:26:25 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 2m 19s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:1
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Lic.exe
    Detection:MAL
    Classification:mal60.evad.winEXE@1/2@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 99%
    • Number of executed functions: 23
    • Number of non-executed functions: 25
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated
    No simulations
    No context
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | iBypass LPro A12+.exe | | malicious | Unknown | |
    C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | iBypass LPro A12+.exe | | malicious | Unknown | |
    C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | SecuriteInfo.com.Variant.Bulz.468687.12862.exe | | malicious | Unknown | |
    C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | Ambrosial.exe | | malicious | RedLine | |
    C:\Users\user\AppData\Local\Temp\9d157fef-9d80-4c40-8e32-b40db35317cb\AgileDotNetRT64.dll | FIa4FloXT2.exe | | malicious | Unknown | |
              Process:C:\Users\user\Desktop\Lic.exe
              File Type:CSV text
              Category:dropped
              Size (bytes):1076
              Entropy (8bit):5.368877155569937
              Encrypted:false
              SSDEEP:24:ML9E4KQ71qE4GIs0E4K6sXE4NpOKDE4KGKZI6Khk:MxHKQ71qHGIs0HKJHNpOYHKGSI6ok
              MD5:B7F637406C3D2DABB67C7F2CBE42BCBE
              SHA1:2C93AABEB33B56CAFEE571D3C78287AA58F59BBA
              SHA-256:37C992EAFB1DC7713D1DF489A0F7F0E090F0526915770071A3D6528559BD807B
              SHA-512:2CC57B6274DBB8A820249016A8915DD8081CBFF2B3FEDDB2FC56354D2F8D9EDE1881CE4C9C303396C343D6B17AC59C3B8E4A3CB05E5621853D40A7DCB010B7DA
              Malicious:true
              Reputation:low
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.3
              Process:C:\Users\user\Desktop\Lic.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):146414
              Entropy (8bit):6.346082537918833
              Encrypted:false
              SSDEEP:3072:tvfStxRL/l1JLnPynOuA7tuPkVg4qm5a4:ZKFJdvhqm5/
              MD5:9C43F77CB7CFF27CB47ED67BABE3EDA5
              SHA1:B0400CF68249369D21DE86BD26BB84CCFFD47C43
              SHA-256:F25B9288FE370DCFCB4823FB4E44AB88C7F5FCE6E137D0DBA389A3DBA07D621E
              SHA-512:CDE6FB6CF8DB6F9746E69E6C10214E60B3646700D70B49668A2A792E309714DD2D4C5A5241977A833A95FCDE8318ABCC89EB9968A5039A0B75726BBFA27125A7
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 7%
              Joe Sandbox View:
              • Filename: iBypass LPro A12+.exe, Detection: malicious, Browse
              • Filename: iBypass LPro A12+.exe, Detection: malicious, Browse
              • Filename: SecuriteInfo.com.Variant.Bulz.468687.12862.exe, Detection: malicious, Browse
              • Filename: Ambrosial.exe, Detection: malicious, Browse
              • Filename: FIa4FloXT2.exe, Detection: malicious, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0..J0..J0..J_.&J3..J9..J;..J0..Jf..J_..J1..J+,.J1..J+,&J(..J+,.J1..J+,.J1..J+,.J1..JRich0..J........................PE..d......Y.........." .........0...............................................p......8&....@.............................................s.......x....@.......0...............P..................................................................`....................text...1........................... ..`.rdata..c...........................@..@.data...X.... ......................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P....... ..............`...........................................................................................................................................................................................................................................................
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):6.634655478974511
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:Lic.exe
              File size:341'504 bytes
              MD5:c5eaff76b3a6615840b4e0bc7e92fbc8
              SHA1:73e004370c39788699c010a09638d350a0d8fe1a
              SHA256:2316de75234975ef265f843eb585a3b34d875507a6f7506209a7df932de48667
              SHA512:604edb43a261dd05a74f7bc330c3c858d6ea6639cb59d7eba64982233eea7e78a4ac61d4672e8aca10681cd655ea1fb76626a46b9fd4fe787f2d160a2dc06968
              SSDEEP:6144:lazBLJpL1pda3+LEfC7w2bhafQEPx96w3KK6cDwSL0JVu9:lazBLJpL1pda3+LEAjd1Ev1L0c
              TLSH:FA74472D65C8C200E99F36F4CC621AF8D5266D4DE463888B3CC8FE2A36731DCD69D665
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........."...0.. ...2.......?... ...`....@.. ....................................`................................
              Icon Hash:90cececece8e8eb0
              Entrypoint:0x453f06
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0xE66D18D1 [Thu Jul 3 07:44:17 2092 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              (the last line is repeated 97 times in the report: after the single jmp through the IAT to _CorExeMain, the remaining entry-point bytes are zeros, which decode as add byte ptr [eax], al)
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53eac | 0x57 | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x54000 | 0x1050 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0x51f2c | 0x52000 | 4b3388da3cecf7de99883b9140003be5 | False | 0.631174971417683 | data | 6.6289203929392375 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0x54000 | 0x1050 | 0x1200 | a45e192ccd91f105b90720a0e3ed8391 | False | 0.3524305555555556 | data | 4.749249871797706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0x56000 | 0xc | 0x200 | 5a2baff07ebc0abd5535dff91ab0d823 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Resources
              Name         RVA      Size   Type                                                                              Language  Country  ZLIB Complexity
              RT_VERSION   0x540a0  0x348  data                                                                              -         -        0.3845
              RT_MANIFEST  0x543e8  0xc66  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators  -         -        0.3916
              Imports
              DLL          Import
              mscoree.dll  _CorExeMain
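The directory, section and import tables above are the header fields a first-pass triage script extracts. The following is an added example, not code from the sample or from Joe Sandbox: a standard-library Python parser that reads the data directories, computes per-section entropy and a writable+executable flag, walks the import table, and tests the CLR-header directory that marks a .NET assembly. The PE it parses is constructed inside the script to mirror this file's layout (one .text section, the CLR header immediately after an IAT holding a single thunk, and mscoree.dll!_CorExeMain as the only import); it is a PE32+ test image, not the analysed binary, and offsets such as 0x2000 are the example's own.

```python
# Added example (not code from the sample or from Joe Sandbox): standard-library PE
# triage that recovers the directory, section, import and CLR-header facts tabulated above.
import collections
import math
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR runtime header (IMAGE_COR20_HEADER)
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000


def shannon_entropy(data):
    """Bits per byte, 0.0..8.0: plain code/IL sits near 6-7, packed or encrypted data near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values()) if n else 0.0


class PEFile:
    def __init__(self, blob):
        self.blob = blob
        pe = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew
        if blob[:2] != b"MZ" or blob[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        nsections, opt_size = struct.unpack_from("<H", blob, pe + 6)[0], struct.unpack_from("<H", blob, pe + 20)[0]
        opt = pe + 24
        magic = struct.unpack_from("<H", blob, opt)[0]
        try:  # PE32+ has 8-byte ImageBase and stack/heap fields, so its directories start 16 bytes later
            self.is_64, dirs_off = {0x20B: (True, opt + 112), 0x10B: (False, opt + 96)}[magic]
        except KeyError:
            raise ValueError("unknown optional header magic 0x%x" % magic) from None
        ndirs = struct.unpack_from("<I", blob, dirs_off - 4)[0]  # NumberOfRvaAndSizes precedes the array
        self.directories = [struct.unpack_from("<II", blob, dirs_off + 8 * i) for i in range(ndirs)]
        self.sections = []
        for i in range(nsections):
            hdr = opt + opt_size + 40 * i
            name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, hdr)
            chars = struct.unpack_from("<I", blob, hdr + 36)[0]
            self.sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                                  "va": va, "size": max(vsize, rawsize), "rawptr": rawptr,
                                  "entropy": shannon_entropy(blob[rawptr:rawptr + rawsize]),
                                  # writable+executable is an unpacking / self-modification tell
                                  "wx": bool(chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE)})

    def rva_to_offset(self, rva):
        for s in self.sections:
            if s["va"] <= rva < s["va"] + s["size"]:
                return rva - s["va"] + s["rawptr"]
        raise ValueError("RVA 0x%x is not backed by any section" % rva)

    def cstring(self, rva):
        off = self.rva_to_offset(rva)
        return self.blob[off:self.blob.index(b"\0", off)].decode("ascii", "replace")

    def imports(self):
        """{dll: [function, ...]} from the import directory; ordinal-only imports are skipped."""
        rva, _ = self.directories[IMAGE_DIRECTORY_ENTRY_IMPORT]
        if rva == 0:
            return {}
        result, off = {}, self.rva_to_offset(rva)
        thunk_fmt, thunk_size, ordinal_flag = ("<Q", 8, 1 << 63) if self.is_64 else ("<I", 4, 1 << 31)
        while True:
            oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", self.blob, off)
            if name_rva == 0:  # an all-zero descriptor terminates the list
                break
            funcs, t = [], self.rva_to_offset(oft or ft)  # ILT, or the IAT if the ILT was stripped
            while True:
                thunk = struct.unpack_from(thunk_fmt, self.blob, t)[0]
                if thunk == 0:
                    break
                if not thunk & ordinal_flag:
                    funcs.append(self.cstring(thunk + 2))  # skip the 2-byte hint
                t += thunk_size
            result[self.cstring(name_rva)] = funcs
            off += 20
        return result

    def is_dotnet(self):  # a populated CLR header directory is the definitive managed-code marker
        rva, size = self.directories[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
        return rva != 0 and size != 0


def build_sample_pe32plus():
    """Constructed test input (not the analysed file): PE32+, one .text section, CLR header after the IAT."""
    va, text = 0x2000, bytearray(0x200)
    struct.pack_into("<Q", text, 0x00, va + 0xB0)  # IAT thunk -> hint/name entry
    struct.pack_into("<IHH", text, 0x10, 0x48, 2, 5)  # IMAGE_COR20_HEADER: cb, runtime v2.5
    struct.pack_into("<IIIII", text, 0x60, va + 0x90, 0, 0, va + 0xA0, va)  # import descriptor
    struct.pack_into("<Q", text, 0x90, va + 0xB0)  # ILT thunk -> hint/name entry
    text[0xA0:0xAC] = b"mscoree.dll\0"
    text[0xB2:0xBE] = b"_CorExeMain\0"  # 2-byte hint at 0xB0
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    for index, rva, size in ((IMAGE_DIRECTORY_ENTRY_IMPORT, va + 0x60, 0x28), (12, va, 0x10),  # 12 = IAT
                             (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, va + 0x10, 0x48)):
        struct.pack_into("<II", opt, 112 + 8 * index, rva, size)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, va, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0") + bytes(text)
```

Against a real file, pass the bytes of the image to PEFile: is_dotnet() and imports() return the two facts the report lists for this sample, and the per-section entropy can be compared with the sandbox's column. The CLR header, not the mscoree.dll import, is the test to rely on; the import is the corroborating indicator.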
              No network behavior found

              Target ID: 0
              Start time: 17:27:16
              Start date: 22/12/2024
              Path: C:\Users\user\Desktop\Lic.exe
              Wow64 process (32bit): false
              Commandline: "C:\Users\user\Desktop\Lic.exe"
              Imagebase: 0x24b57630000
              File size: 341,504 bytes
              MD5 hash: C5EAFF76B3A6615840B4E0BC7E92FBC8
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language (the report's generic value; the mscoree.dll!_CorExeMain import and the CLR header in the PE tables identify the file as a .NET assembly)
              Reputation: low
              Has exited: true


                Execution Graph

                Execution Coverage:11.3%
                Dynamic/Decrypted Code Coverage:0.8%
                Signature Coverage:11.6%
                Total number of Nodes:614
                Total number of Limit Nodes:17
                [Rendered execution graph omitted: the extracted text consisted only of node addresses and edge pairs. API calls reachable in the graph, all inside the native module mapped at 0x7FFE13300000 (the memory dump source listed below) apart from two small stubs at 0x7FFD9B7D0D15 (calls LoadLibraryA) and 0x7FFD9B7D118A:]
                • Heap and synchronisation: GetProcessHeap with HeapAlloc / HeapFree / RtlFreeHeap, InitializeCriticalSection, EnterCriticalSection / LeaveCriticalSection, CreateEventW (three events) followed by GetCurrentThreadId and CreateThread (0x7FFE13301D70), SetEvent, WaitForSingleObject, RaiseException.
                • Runtime and module discovery: GetCurrentProcess, EnumProcessModules, GetModuleBaseNameA, GetModuleInformation, VirtualQuery, GetFileVersionInfoSizeW / GetFileVersionInfoW, VerQueryValueA, LoadLibraryW, GetProcAddress, GetEnvironmentVariableW / SetEnvironmentVariableW, and string helpers (lstrcatW, lstrcpyA/W, lstrcmpA/W, lstrcmpiA, lstrlenA/W, _wcsupr_s, _mbsset).
                • Page protection changes: VirtualProtect called twice in succession at 0x7FFE13306323 and once each at 0x7FFE13305758 and 0x7FFE133056EF.
                • Timing: GetTickCount polled in a loop (0x7FFE13301EC0, self-edge at 0x7FFE13301EFB) next to a SleepEx loop (0x7FFE13301F9E); GetSystemTimeAsFileTime and CompareFileTime (0x7FFE133069E1), with one outcome leading through lstrcatW to MessageBoxW and ExitProcess.
                • File read: lstrcpyW, CreateFileW, GetFileSize, HeapAlloc, ReadFile, CloseHandle (0x7FFE1330BCC0 to 0x7FFE1330BDE1).
                • Error handling: FormatMessageW, LocalFree, RaiseException, ExitProcess, _initterm.

                Control-flow Graph

                [Rendered control-flow graph omitted: the extracted text listed only basic-block address ranges and edges, and the executed / not-executed colouring did not survive.] Function 0x7FFE13308C00 to 0x7FFE13309199. API-calling blocks: GetCurrentProcess on both entry paths (0x7FFE13308C78, 0x7FFE13308CD8), each followed by a call into 0x7FFE133012E0, the EnumProcessModules / GetModuleBaseNameA routine; GetFileVersionInfoSizeW, GetProcessHeap, HeapAlloc, GetFileVersionInfoW (0x7FFE13308D36); VerQueryValueA (0x7FFE13308DAC); LoadLibraryW, GetProcAddress, GetProcessHeap, HeapFree (0x7FFE13309044). The remaining blocks compare strings through the helpers at 0x7FFE1330EFD0 (lstrcmpA) and 0x7FFE1330F000.
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: HeapProcess$CurrentFileInfoVersion$AddressAllocFreeLibraryLoadProcQuerySizeValuelstrcatlstrcmp
                • String ID: .text; 2.0.50727.; 2.0.50727.3053 (netfxsp.050727-3000); 2.0.50727.3068 (QFE.050727-3000); 4.0.30319.17020 built by: FXM3REL; 4.0.30319.17379; 4.0.30319.17626; \StringFileInfo\040904b0\FileVersion; clrjit.dll; getJit; mscorjit.dll; v4.0
                  Read with the API list (GetFileVersionInfoW, VerQueryValueA, LoadLibraryW, GetProcAddress), these strings show the function querying the FileVersion resource of the loaded runtime, picking the JIT DLL that matches it (mscorjit.dll for CLR 2.0, clrjit.dll for 4.0) and resolving its getJit export. getJit hands out the runtime's JIT compiler interface, and hooking it is the usual way .NET protectors intercept method compilation. The sandbox raises no signature for this, so it is an analyst observation from the strings rather than a detection.
                • API String ID: 1337683846-2252446965
                • Opcode ID: bf7c1317f622244dced4724584e83ced2fe33d4f420fe2c36be6f14a33b3fa1d
                • Instruction ID: 6a004a5daa55671776aaa32c6abfd5f711fb8141fb426f2754dfad2acaf05816
                • Opcode Fuzzy Hash: bf7c1317f622244dced4724584e83ced2fe33d4f420fe2c36be6f14a33b3fa1d
                • Instruction Fuzzy Hash: 92E16836618AC289EB70EB12E4503AEB7A1FBD4798F404072DA9D93B69DF7CD544CB04

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$AllocEnumFreeModules
                • String ID:
                • API String ID: 384433944-0
                • Opcode ID: 4bdb968fcc38d39109dc59b9e1baebd67f78a17c960ccfb52890f12f631b5947
                • Instruction ID: 6212dd90385fbd84e1c69fc49622551fda545cd5ee1de61ca458a852398bfe48
                • Opcode Fuzzy Hash: 4bdb968fcc38d39109dc59b9e1baebd67f78a17c960ccfb52890f12f631b5947
                • Instruction Fuzzy Hash: 2B51C676A1CE81C6D670DB16E4843AEA3A0FB98798F400165EB9D93B68DF3CD5458B08

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Create$Event$Thread$Current
                • String ID:
                • API String ID: 4115085679-0
                • Opcode ID: 81d0fca3617dce84e9447a9b99591e8606d6e50b48b280d0001a6c6406541dee
                • Instruction ID: 9f789a3567d31d39c8e08d0f939e49eb049fe693bb0fe48688b11d35ee21155b
                • Opcode Fuzzy Hash: 81d0fca3617dce84e9447a9b99591e8606d6e50b48b280d0001a6c6406541dee
                • Instruction Fuzzy Hash: 7C01AD39B18F02CAF3E48B31B816F2A7261EB64328F405079C81E52B31CE3DD1598708
                APIs
                • SleepEx.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FFE13301C82), ref: 00007FFE13301FA3
                  • Part of subcall function 00007FFE13301EC0: GetTickCount.KERNEL32 ref: 00007FFE13301ED6
                  • Part of subcall function 00007FFE13301EC0: GetTickCount.KERNEL32 ref: 00007FFE13301EFB
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: CountTick$Sleep
                • String ID:
                • API String ID: 4250438611-0
                • Opcode ID: f80cb61c89d33c2232b3e099c83d3592c43c439f46915bcc95f91fc8b3857663
                • Instruction ID: 28fadd943ee2ea84fdeffbaa5fa52e18406825c64e46faa07a1b79f0e6424277
                • Opcode Fuzzy Hash: f80cb61c89d33c2232b3e099c83d3592c43c439f46915bcc95f91fc8b3857663
                • Instruction Fuzzy Hash: D0011275E18E42CED750CB16E88022E7791E7983A4F100275E59D92775DF3CD1518B44
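The API trace above shows the sample's timing check in its simplest form: GetTickCount is read in subcall 00007FFE13301EC0 both before and after the SleepEx at 00007FFE13301FA3, so a host that shortens or skips the sleep is exposed by the tick delta. The C below is an added example, not code from the sample or from Joe Sandbox: it reproduces the arithmetic of that check portably, with a constructed fake clock standing in for GetTickCount and SleepEx so it compiles and runs off Windows. The function names, the 50 ms slack, and the 2000 ms requested delay are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Tick delta with GetTickCount() semantics: a 32-bit millisecond counter that
 * wraps every ~49.7 days. Unsigned subtraction keeps the delta correct across
 * the wrap; a signed compare of the raw values would not. */
uint32_t elapsed_ticks(uint32_t before, uint32_t after) {
    return after - before;
}

/* The decision the sample makes around SleepEx: if less wall time passed than
 * was requested (minus slack for timer granularity), the sleep was skipped or
 * fast-forwarded, which is typical of sandboxes that hook the Sleep* APIs. */
int sleep_looks_skipped(uint32_t before, uint32_t after,
                        uint32_t requested_ms, uint32_t slack_ms) {
    uint32_t elapsed = elapsed_ticks(before, after);
    return elapsed + slack_ms < requested_ms;
}

/* --- Constructed stand-in for kernel32, so the check runs anywhere --- */
typedef struct {
    uint32_t now_ms;          /* value the fake GetTickCount returns */
    uint32_t sleep_scale_pct; /* 100 = honest sleep, 0 = sleep entirely skipped */
} fake_clock;

static uint32_t fake_get_tick_count(const fake_clock *c) { return c->now_ms; }

static void fake_sleep_ex(fake_clock *c, uint32_t ms) {
    /* A sandbox that returns early from SleepEx advances the clock by less
     * than the caller asked for; that shortfall is what the check measures. */
    c->now_ms += (uint32_t)((uint64_t)ms * c->sleep_scale_pct / 100);
}

/* The sequence exactly as the trace shows it: GetTickCount, SleepEx, GetTickCount. */
int timed_sleep_detects_sandbox(fake_clock *c, uint32_t requested_ms) {
    uint32_t t0 = fake_get_tick_count(c);
    fake_sleep_ex(c, requested_ms);
    uint32_t t1 = fake_get_tick_count(c);
    return sleep_looks_skipped(t0, t1, requested_ms, 50 /* timer granularity slack */);
}

/* Convenience wrapper: build a clock from its starting tick and sleep behaviour,
 * run the timed sleep once, and return 1 if the sample would conclude "sandbox". */
int run_scenario(uint32_t start_ms, uint32_t sleep_scale_pct, uint32_t requested_ms) {
    fake_clock c = { .now_ms = start_ms, .sleep_scale_pct = sleep_scale_pct };
    return timed_sleep_detects_sandbox(&c, requested_ms);
}

int main(void) {
    /* Honest host whose tick counter wraps during the sleep: not flagged. */
    printf("honest host, clock wraps mid-sleep: detected = %d\n",
           run_scenario(0xFFFFFF00u, 100, 2000));
    /* Sandbox that skips the sleep outright: flagged. */
    printf("sleep-skipping sandbox:             detected = %d\n",
           run_scenario(1000, 0, 2000));
    return 0;
}
```

The wraparound case is included deliberately: a checker that computes the delta in signed arithmetic would see a large negative value at the wrap and either crash or misclassify an honest host. The converse lesson for the analyst is that a sandbox which accelerates sleeps must also advance every clock the sample can read by the same amount, or the mismatch is visible to exactly this kind of code.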
                Memory Dump Source
                • Source File: 00000000.00000002.1725679296.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b7d0000_Lic.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a7b7e70e17a6a0424ea5c8f7451054a2120f043743075bca2e0563aa7763b896
                • Instruction ID: 1b7e015ad30ddf60b8fa560713364fd42b022999932071d3ef9121962dc69154
                • Opcode Fuzzy Hash: a7b7e70e17a6a0424ea5c8f7451054a2120f043743075bca2e0563aa7763b896
                • Instruction Fuzzy Hash: 3BF1A630A09A4D8FEBA8DF28C855BE977D1FF54350F04436EE84DC72A5DB34A9458B81
                Memory Dump Source
                • Source File: 00000000.00000002.1725679296.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b7d0000_Lic.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f2f7e4c2bbf21e56496e63755d3b74043148e010ee63086f7836d712f06ce49
                • Instruction ID: a7a7afb3abdf7af970ffc478d00ae58beb3cb448b9fee728211a09a804a17b7a
                • Opcode Fuzzy Hash: 5f2f7e4c2bbf21e56496e63755d3b74043148e010ee63086f7836d712f06ce49
                • Instruction Fuzzy Hash: 8AE1D630A09A8D8FEBA8DF28C8557E937E1FF94310F04436ED84DC72A5CE34A9448B81

                Control-flow Graph

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$CriticalFreeObjectSectionSingleWait$AllocEnterExceptionLeaveRaise_wcsupr_s
                • String ID: Agile.NET runtime internal error occurred.$cr
                • API String ID: 1784018953-3111436492
                • Opcode ID: b57ee397af7449738234008319c071eeff7daba371090b3499b93e4d6dde85af
                • Instruction ID: 1417a9a5a135a1dfe20d7690cccb4952d2a1dbcc13d15d9a4e306497386b43c4
                • Opcode Fuzzy Hash: b57ee397af7449738234008319c071eeff7daba371090b3499b93e4d6dde85af
                • Instruction Fuzzy Hash: FEC1F87660CAC5C9DB60CB56E4883AEB7A0F7D8BA0F044126DA9D53B69DF3CD445CB04

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$EnumFreeModules$AllocInformationModuleQueryVirtual
                • String ID:
                • API String ID: 4262206646-0
                • Opcode ID: ceea9e61ae2fdccb7e003e48507b8b41b37007da2f5e0dd68eb70b98ab781cd9
                • Instruction ID: 6480736aa54ed364364eaf4dadd133bc1b3cae42753fefc7c476e6644cc7d537
                • Opcode Fuzzy Hash: ceea9e61ae2fdccb7e003e48507b8b41b37007da2f5e0dd68eb70b98ab781cd9
                • Instruction Fuzzy Hash: C761092660CA81CAE670CB16E48476EB7A0F7D87A4F404136EADD93BA8DF3CD5448F04

                Control-flow Graph

                • Executed
                • Not Executed
                Control-flow graph of the function at 7ffe13305da0 (entry block 7ffe13305da0-7ffe13305e0b, exit block 7ffe1330650e-7ffe13306515); the rendered graph is not reproduced here. Blocks are marked executed or not executed. Win32 calls reached inside the function: GetProcessHeap and HeapAlloc in blocks 7ffe13305f93-7ffe13306061 and 7ffe13306086-7ffe133060fa, and VirtualProtect called twice in block 7ffe13306301-7ffe133063b2; every other block calls internal subroutines only. Five blocks (at 7ffe13305e0d, 7ffe13305e77, 7ffe13305edd, 7ffe13305f47 and 7ffe133064ec) each call 7ffe1330d840 and then branch straight to the exit block.
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: QueryVirtual
                • String ID:
                • API String ID: 1804819252-0
                • Opcode ID: 46795164dbcdf3ad6bfdf78799c737a423ce520b6a28aab93283d408ad6caa38
                • Instruction ID: 9366a6bb53cf96d76c2f0857c3f3034135d92c34618a2de534b9c50531b9cfb7
                • Opcode Fuzzy Hash: 46795164dbcdf3ad6bfdf78799c737a423ce520b6a28aab93283d408ad6caa38
                • Instruction Fuzzy Hash: 5012F936609AC18ADB70CB1AE4903AEB7A1F7D87A0F504066DA8D87B69DF3DD450CF44

                Control-flow Graph

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: _wcsupr_s
                • String ID: UKKED
                • API String ID: 600324503-4206113906
                • Opcode ID: 7d9d03ef57153a7d8990ac08e01eabe82736bdebbc62b7f712c11e85fb6f341f
                • Instruction ID: f7d141aa2a8152dce658e892875099ca092791b1bc9782b9d74b5bff5d4da6ea
                • Opcode Fuzzy Hash: 7d9d03ef57153a7d8990ac08e01eabe82736bdebbc62b7f712c11e85fb6f341f
                • Instruction Fuzzy Hash: 7B711D71A1CAC289EA71DB17E0553FF6390FBA8B90F004076D9AD57BAADE2CD140CB44

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: File$Heap$AllocCloseCreateHandleProcessReadSizelstrcpy
                • String ID:
                • API String ID: 4123427219-0
                • Opcode ID: 567d08ba2c89455098c4444cdfaea48bb366337489d0e66e012deeb7eca67cf1
                • Instruction ID: 33a91f486324ddcf685bb11937056c509e0c3851ee55494590a4fcbbfe690110
                • Opcode Fuzzy Hash: 567d08ba2c89455098c4444cdfaea48bb366337489d0e66e012deeb7eca67cf1
                • Instruction Fuzzy Hash: F8418276A18B84C7EB008F6AE49435ABBA0F7C8B94F204165EB8C07B69CF7DC1558F44

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$AllocProcess_mbsset
                • String ID:
                • API String ID: 3511588043-0
                • Opcode ID: 9c28ee106da2329ad5654b6099321f634c73ddb4ba123690c7baacf6208007d8
                • Instruction ID: b7e9595b284951063fefe8b447089f332c4854c244ca38535ab2ef5a013a6893
                • Opcode Fuzzy Hash: 9c28ee106da2329ad5654b6099321f634c73ddb4ba123690c7baacf6208007d8
                • Instruction Fuzzy Hash: 6E21D436618F858ADB11DB2AE09041EB7B4FBD9BE0B108226EA9D53739DF3DD441CB04

                Control-flow Graph

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: EnvironmentVariable
                • String ID: UKKED
                • API String ID: 1431749950-4206113906
                • Opcode ID: 441cf544d721819efb2fbca064090cdbdfca75b8e2f78038212f9997d2fe2eda
                • Instruction ID: 560e003d213a0038e12c2b70fe3ff850bdf2a4f5c45e74f3440ac70d48050fb5
                • Opcode Fuzzy Hash: 441cf544d721819efb2fbca064090cdbdfca75b8e2f78038212f9997d2fe2eda
                • Instruction Fuzzy Hash: AE21F976A0CF86C9EA508B56E48022EB7A0FBA47A0F405171EA9D53BB8DF7CD544CB04

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                • Opcode ID: 0eb568c96684d28ba4cb8e813b2d4ad9b343b1c078d87e873991cd519d3fdef6
                • Instruction ID: 38af97ebd086b2d02a1e91bef8aeaab698a417fcf83c744f16a468adf3000898
                • Opcode Fuzzy Hash: 0eb568c96684d28ba4cb8e813b2d4ad9b343b1c078d87e873991cd519d3fdef6
                • Instruction Fuzzy Hash: 0351E67A209BC08ADB60CF19E0806AEB7A1F3D8750F505026EA8D87BA9CF7DD451CF44

                Control-flow Graph

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: CriticalInitializeSection
                • String ID: (
                • API String ID: 32694325-3887548279
                • Opcode ID: 6655f92b84779f2b370c3b458e4e4ddd3821fe7da9848a1ed36c6bb0665e2be6
                • Instruction ID: 10e0c8297a544c800091759cb793aef800864a857c113b69ad10f1bd3f7510e4
                • Opcode Fuzzy Hash: 6655f92b84779f2b370c3b458e4e4ddd3821fe7da9848a1ed36c6bb0665e2be6
                • Instruction Fuzzy Hash: 38118F21A0CEC588F7B0AB22F4443AE62A1ABE4764F000570D5AC576B6DF3ED0658B14
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Event
                • String ID:
                • API String ID: 4201588131-0
                • Opcode ID: da6e1521970e8147b380b29ed3ccbf01235c3cb970a1b0a537bc7a0f487dbe5c
                • Instruction ID: d9376bb49ce98c7c8ac198b9831716de3324f304e60d1c7335c584a458917abf
                • Opcode Fuzzy Hash: da6e1521970e8147b380b29ed3ccbf01235c3cb970a1b0a537bc7a0f487dbe5c
                • Instruction Fuzzy Hash: 1EF0A075D0CC42CFEA20DB22D84927E62A0BFA8318F8001B1D19EB5671CF6CD449C708
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$FreeProcess
                • String ID:
                • API String ID: 3859560861-0
                • Opcode ID: 6698e917849451a0aef8a6552657a417083e1d6884d0f5a15d5d9bf2732f7bc0
                • Instruction ID: f7f0337160328580e0e7c87f4f1ebaea8db113e3d9eb983f9cfd9c5c9482d4cf
                • Opcode Fuzzy Hash: 6698e917849451a0aef8a6552657a417083e1d6884d0f5a15d5d9bf2732f7bc0
                • Instruction Fuzzy Hash: 94C08064F15E41C1D604EB77B888015A360FFDC740F404075E58D11335DD3CC0554704
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$AllocFree
                • String ID:
                • API String ID: 756756679-0
                • Opcode ID: 1aedfdc7593e60c27b125e012a3b97ac117d4af274e1274a9e130c1e161c9417
                • Instruction ID: b9cc5d8b000fd203561fdd56d0c358200d1ac4555e4d6a859975443d23fef272
                • Opcode Fuzzy Hash: 1aedfdc7593e60c27b125e012a3b97ac117d4af274e1274a9e130c1e161c9417
                • Instruction Fuzzy Hash: 96317236619F88CACB50CB1AE48061EB7A1F7C9B94F104126EA9E83B78DF3CD451CB04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$AllocProcess
                • String ID:
                • API String ID: 1617791916-0
                • Opcode ID: a95fe1be4c71c6c06e46e549ec4844d4ee8cf09f426d05ad2846a831cdd59600
                • Instruction ID: 0cbabc9a6167cb7eb5115c9edb379788d6dc9d9fe046323ab0f853693264f773
                • Opcode Fuzzy Hash: a95fe1be4c71c6c06e46e549ec4844d4ee8cf09f426d05ad2846a831cdd59600
                • Instruction Fuzzy Hash: 46218776608B85CBDB14CF1AE08421ABBB0F7C9B94F218126EB9D43764DB7EC545CB40
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$AllocProcess
                • String ID:
                • API String ID: 1617791916-0
                • Opcode ID: f449d6422ae271e761a07f547b04faa659581171b9b121866ee1c2c1e5dc86c0
                • Instruction ID: 6877c550593db151dab1492b388895944fb749c351b896bb8c938d00cc55c12b
                • Opcode Fuzzy Hash: f449d6422ae271e761a07f547b04faa659581171b9b121866ee1c2c1e5dc86c0
                • Instruction Fuzzy Hash: B7C08020F15E41C1D644EB77B888015A360FFDC744F404075D58D11335DD3CC0594704
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725679296.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b7d0000_Lic.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                • Opcode ID: 0ad417b4c819c02802a9395850b0ca261dd264a10ab78db06c9c14b2169d377b
                • Instruction ID: 9e2ded305b78006d3915ecb91020d767e9d3490f52fd6191fcf977fdfba12168
                • Opcode Fuzzy Hash: 0ad417b4c819c02802a9395850b0ca261dd264a10ab78db06c9c14b2169d377b
                • Instruction Fuzzy Hash: 0F61D430609A8D8FEB59EF68C8657F53BE1FF95310F10426EE84DC72A2CA749945CB81
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                • Opcode ID: ca87b605d7527a805af6e528b24c58af9919f7da83d2830c66545cda446b07fe
                • Instruction ID: f8209ce0a7aa8e4260f9430beec6c782cd9e2b2a8557f7348d5d92c27ae13bfc
                • Opcode Fuzzy Hash: ca87b605d7527a805af6e528b24c58af9919f7da83d2830c66545cda446b07fe
                • Instruction Fuzzy Hash: 8EE0E527B1DD41CDE6204B42F48006EE750FBA47B4F540471FA9E167A5CE6CD0019B48
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                • Opcode ID: 10401bf45a24ac4b4ad64ec24bcd1d238dc0a9a1670b3a19d1ecccf79937b4a6
                • Instruction ID: 8feed251991538808426dd9a9762b25b7d02d0d450ebf97312b3026d6546e693
                • Opcode Fuzzy Hash: 10401bf45a24ac4b4ad64ec24bcd1d238dc0a9a1670b3a19d1ecccf79937b4a6
                • Instruction Fuzzy Hash: 37E04F63A4DC45DDE6208B86E44066EE310EB547B0F444476FBAE22AA9CE7CE004DB08
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Free$Local$CertClose$Crypt$CertificateContextStore$Param$AllocObjectQuery
                • String ID: E$Z$h$~
                • API String ID: 4286058620-1241516678
                • Opcode ID: b632943e263cc83400ee88c6fab56ac12591eb4569c6cbd96ea87d28789367a7
                • Instruction ID: 0de398c2cc81df399e0d2c2749c7573fd1e57bfee655da15aedc0e83542b9ea3
                • Opcode Fuzzy Hash: b632943e263cc83400ee88c6fab56ac12591eb4569c6cbd96ea87d28789367a7
                • Instruction Fuzzy Hash: 2BF1EC2160CEC2CAE7B0CB16E4483AEA3A1FB90754F504175D6EE969B9DF7CD489CB04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$Free$AllocMemoryRead
                • String ID:
                • API String ID: 3401992658-0
                • Opcode ID: 0470b1cd20778e8b5d982d8891017df019858e5454f0fc1727ce42e26a9b0110
                • Instruction ID: ee145c84a15d14c0b5aaf82f6d83d89449ddc2ccc80c9cf6dcfab9c56f2b9b1b
                • Opcode Fuzzy Hash: 0470b1cd20778e8b5d982d8891017df019858e5454f0fc1727ce42e26a9b0110
                • Instruction Fuzzy Hash: 51E1CE36A0CB858AD7A0CB5AF44436EB7A0FB99794F104075EADE93B68DF3CD4448B04
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$Process$AllocExceptionFreeRaise$Exittype_info::_name_internal_method
                • String ID: Memory allocation failed for IP_ADAPTER_ADDRESSES struct$Memory allocation failed for IP_ADAPTER_ADDRESSES struct$luetooth
                • API String ID: 563264890-3343762360
                • Opcode ID: 1c9afc30f4eff8537f4e853ac963db05aecf75aa9a660d888de8c2afe6f3118b
                • Instruction ID: 0cbb136ba051f98b8ef18244a8997d2681e042031008f4cc79668af5d750e281
                • Opcode Fuzzy Hash: 1c9afc30f4eff8537f4e853ac963db05aecf75aa9a660d888de8c2afe6f3118b
                • Instruction Fuzzy Hash: B5912836A08F858AE760CB66F4543AEB7A1FB987A4F404035EA9D53B69DF7CD144CB00
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Message
                • String ID: and can not run on this machine.$ and can not run on this machine.$AgileDotNet$AgileDotNet$AgileDotNet$AgileDotNet$The secured image was created using a trial version of $The secured image was created using a trial version of
                • API String ID: 2030045667-3305494433
                • Opcode ID: 5b7005dc252598ca0c162469369bbd06851c0251ecf40029832c8d27c0175328
                • Instruction ID: 1052685b03054fda09ea671090ac30e9816a6d7b164c158f683708364b2a01c2
                • Opcode Fuzzy Hash: 5b7005dc252598ca0c162469369bbd06851c0251ecf40029832c8d27c0175328
                • Instruction Fuzzy Hash: 3751746171CDC298EA719722E4503FEA350FBA47A4F404075E5AD925BBEE6CD244CB44
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: CertCertificateContextFree$CryptDecodeObject$AllocLocallstrcmp
                • String ID: 1.2.840.113549.1.9.6
                • API String ID: 335881361-2921522063
                • Opcode ID: edcf1bec574ff234b4619ef6f94b37158b1fb6d0de44523390a08343a6577b95
                • Instruction ID: 6a985c129f53b30c6fdfc3aa85a110ce92b2651b3c25c1f78f540bd1c996e3a2
                • Opcode Fuzzy Hash: edcf1bec574ff234b4619ef6f94b37158b1fb6d0de44523390a08343a6577b95
                • Instruction Fuzzy Hash: 1251E976608A41CADB14CB09E49432EB7A0F7D8B94F204126EB9D97B78CF7DD485CB04
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: CertCertificateContextFree$AllocCryptDecodeLocalObjectlstrcmp
                • String ID: 1.2.840.113549.1.9.6
                • API String ID: 2299954700-2921522063
                • Opcode ID: db96d14d40d9969ef454a0d0f168804e88a9dc3a6f7c0a8b28ea2049a95f6d33
                • Instruction ID: 6db974194b6e8aa3e6b2a8ebcbbaf1166d09a47fa0d544f55daf3e323f25cf56
                • Opcode Fuzzy Hash: db96d14d40d9969ef454a0d0f168804e88a9dc3a6f7c0a8b28ea2049a95f6d33
                • Instruction Fuzzy Hash: 0421F576608A81CADB04CB0AE49032EB7A0F7D8B94F504136EA9E97B78DF7CD445CB00
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Version
                • String ID:
                • API String ID: 1889659487-0
                • Opcode ID: 16c98b60504202c8745f39f82cb4b79dd388ece3ba03d14d9ea444e5f956a03b
                • Instruction ID: f8ce436168e642c8ceddfc64a71d35220a301bf9f05cdf3608fbf9ab2c6df1d0
                • Opcode Fuzzy Hash: 16c98b60504202c8745f39f82cb4b79dd388ece3ba03d14d9ea444e5f956a03b
                • Instruction Fuzzy Hash: 0C21E136D2D641CEEBB88A02E54432F77A0F7A5769F101179F29E115A8C77DD488CE09
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Library$Free$AddressProcProtectVirtual$LoadVersion
                • String ID: DbgBreakPoint$DbgUiRemoteBreakin$ntdll.dll
                • API String ID: 3302647564-76633807
                • Opcode ID: da7a6bb8d533ff6402b070444e82588e32720411109c2aa754e586ca1d77209e
                • Instruction ID: f605ceab515392b6f1015a561bc3ed34bc297dbab75a166d1e222c7908cfc353
                • Opcode Fuzzy Hash: da7a6bb8d533ff6402b070444e82588e32720411109c2aa754e586ca1d77209e
                • Instruction Fuzzy Hash: 70315025A1CE81CAE7608B12E44432EB7A0FBA57A4F5001B1E69E53779CF3DD548CB08
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: FormatHeapTime$AllocCreateCriticalDateFileInitializePathProcessSectionSystemTemplstrcatlstrcpy
                • String ID: .txt$HH'h'mm'm'ss's'$RuntimeLog$dd'd'MM'm'yyyy'y'
                • API String ID: 641398865-1436097571
                • Opcode ID: 60b143c65e979732b5595b6bb65ec2480896aab68157047de5bc1a656c4e681b
                • Instruction ID: 5c8efb2367b3e39ef9c057732c131401555dba0e964abf869c3db1123eb49731
                • Opcode Fuzzy Hash: 60b143c65e979732b5595b6bb65ec2480896aab68157047de5bc1a656c4e681b
                • Instruction Fuzzy Hash: 77311C75A18E82D9F760DB22E8543EAA361FBA8324F804171D69D52A79DF3CD10DCB08
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ErrorLastThread$Context$EventResumeSuspend
                • String ID:
                • API String ID: 1160570678-0
                • Opcode ID: 6d1b9fb430bf3c3a7482eb446546e3484b6a16ad7a1df2d87e503e5e93534510
                • Instruction ID: 977cbc02c135540fb949a4953adc114387f68e2f176e4f77c13efdba8db6d7e4
                • Opcode Fuzzy Hash: 6d1b9fb430bf3c3a7482eb446546e3484b6a16ad7a1df2d87e503e5e93534510
                • Instruction Fuzzy Hash: 93D1F2B2608AC68AE7708B16E4443AFBBA0F794B59F004075CB9D47BA9DB7DD444CF48
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ExceptionRaise$ErrorLastLibraryLoad
                • String ID: H
                • API String ID: 948315288-2852464175
                • Opcode ID: 43bb971852d7a7fa9d269d26fc1873a3f138505b3f3d5bae846dd4246f9f70b2
                • Instruction ID: e2ea67b9fde68d093201e6dc22803069ffbf28145f2679e7d0c97ae5ab13cbed
                • Opcode Fuzzy Hash: 43bb971852d7a7fa9d269d26fc1873a3f138505b3f3d5bae846dd4246f9f70b2
                • Instruction Fuzzy Hash: F1916C32B05B468EEB55CFA6E8406AC77A1BB18BA8F084035DE1D67B64EF3CE445C704
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: AddressProc$LibraryLoad
                • String ID: GetCORVersion$GetFileVersion$GetRequestedRuntimeInfo$mscoree.dll
                • API String ID: 2238633743-1350728216
                • Opcode ID: 35337d0929e6747b82974c3f4fb4c31524521e949d39d6a30db05b111a9f12db
                • Instruction ID: 6db1a09d5858f86141afe0d2659189517bf4cb992d7f2da46ca57d1623df5028
                • Opcode Fuzzy Hash: 35337d0929e6747b82974c3f4fb4c31524521e949d39d6a30db05b111a9f12db
                • Instruction Fuzzy Hash: 3B0162A4A09F0ADDE680DB03EC8427DA365BF65760F4016B2D42DA2632DF6CA596C309
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Thread$Current$CloseCreateHandleHeap$AllocEventObjectOpenProcessSingleWait
                • String ID:
                • API String ID: 2424404254-0
                • Opcode ID: 6e6d3b53e848b1c6433ab97937796db298d080aa13cc77777690237fe19a4373
                • Instruction ID: 084a0a86a81d0e235504d21351e95b794e4b1cd1bba90fece0b9c57d10c6ccef
                • Opcode Fuzzy Hash: 6e6d3b53e848b1c6433ab97937796db298d080aa13cc77777690237fe19a4373
                • Instruction Fuzzy Hash: 2941CF36629F858AD790CB16E49072EB7A1FBD8BA4F104165EA9E53B68CF3CC444CB04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$FileInfoProcessVersion$AllocFreeQuerySizeValue
                • String ID:
                • API String ID: 182793968-0
                • Opcode ID: a8f10d33d683de652da5afda89c844352a7bf210f50a967145278a67dd392050
                • Instruction ID: 0f33f4755f96e37f3626490da77d07f8451e8588318d700e8f6834c378531525
                • Opcode Fuzzy Hash: a8f10d33d683de652da5afda89c844352a7bf210f50a967145278a67dd392050
                • Instruction Fuzzy Hash: 7141E876A08B82CAD760CF2AE44036AB7E1FB98750F508136EA9C93768DE3CD045CF04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Thread$CloseCreateCurrentHandle$EventObjectOpenSingleWait
                • String ID:
                • API String ID: 4004156642-0
                • Opcode ID: 28b1e6984884bcffa3dec0d4d7913924b04b3f7311c8f0e1b3c1eb99137728b0
                • Instruction ID: 6d98e62559ece50db6b4a5ff9c0ed41a411358269e4ebda728ce9e26cdfd1a33
                • Opcode Fuzzy Hash: 28b1e6984884bcffa3dec0d4d7913924b04b3f7311c8f0e1b3c1eb99137728b0
                • Instruction Fuzzy Hash: 55313436629F858AD790CB26E44072AB7A0FB98B64F100065EA9E43B64CF3DC445CB00
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ExceptionRaiselstrcmp
                • String ID: $-$@$@$Table stream was not found.
                • API String ID: 789130480-3695719007
                • Opcode ID: e77bc7a638fc51829f6b4dfd8455280927ec383c3c9f72b5050ef09c8b1049e3
                • Instruction ID: 578e248016f0cd63dfe0bb3f9c95fb4c1c9174d6c58f3c63d6ee8da3e7ad9dc4
                • Opcode Fuzzy Hash: e77bc7a638fc51829f6b4dfd8455280927ec383c3c9f72b5050ef09c8b1049e3
                • Instruction Fuzzy Hash: FAC11C32609B858AEB60CB1AE4847AEB7A0F7D8794F104135EA9D87B69DF3DD441CF04
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$AllocCommandLineProcesslstrcpylstrlen
                • String ID:
                • API String ID: 3105795567-3916222277
                • Opcode ID: 6b0df1de6c89057d9d66f6f3798802fc466e9c8699ff9dfd1f681cb8f88723d3
                • Instruction ID: 3f78159c858a59f8d64b793efc0cdb4ba4067614cceea74d51defa8b94ce6548
                • Opcode Fuzzy Hash: 6b0df1de6c89057d9d66f6f3798802fc466e9c8699ff9dfd1f681cb8f88723d3
                • Instruction Fuzzy Hash: A4A1A962708F05C5DB708B16E48023E77A4FB98BA8F140175EAED937B5DF2CD5918B28
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Current$Process$CloseCreateFileHandleThread
                • String ID: MiniDump.dmp
                • API String ID: 2270032372-271895303
                • Opcode ID: 1e9184a7d2658d7df3d8dd0d6873f7ad22f50f8468e4fc3095c802ea393ff8d3
                • Instruction ID: 6dd6acdd3c123fc162c754ecacde6516cb8296b4c6fd92e0740179aa3e1b3e95
                • Opcode Fuzzy Hash: 1e9184a7d2658d7df3d8dd0d6873f7ad22f50f8468e4fc3095c802ea393ff8d3
                • Instruction Fuzzy Hash: 7421E436908B81CAE3609B56F44831AB7A0F795764F100279EAED52BA8CF7DD408CF04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: CallDecorator::getIndex
                • String ID:
                • API String ID: 627293820-0
                • Opcode ID: e763042008c29a6b1794e4c1da32227f3e3eebfdaf65f4da01eb3a9ae766041e
                • Instruction ID: 7691c0d967bf08c5ed51666be5e9357b6398228ef09eddb793b6eb71a7d4db22
                • Opcode Fuzzy Hash: e763042008c29a6b1794e4c1da32227f3e3eebfdaf65f4da01eb3a9ae766041e
                • Instruction Fuzzy Hash: 11014B52F2AB4A42EE44EB5BE09276F5310EFA1B80F401075B98E2B7B7CD6CC0118788
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Process$CloseCurrentEnumFileHandleModuleModulesNameOpen
                • String ID:
                • API String ID: 4110801219-0
                • Opcode ID: 31b224539508ebc4d5716af36cc2d9259b68b6eb3aa1368948da4186f7942a9a
                • Instruction ID: 675a881f5df299a36b55732cac823766501dcac9e4714dda8a7ab91d71409932
                • Opcode Fuzzy Hash: 31b224539508ebc4d5716af36cc2d9259b68b6eb3aa1368948da4186f7942a9a
                • Instruction Fuzzy Hash: 1741633661DE818AE730DB16E4442BEA3A4FBD8794F404035E69D93AA9DF3CD640CF04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Virtual$Protect$CriticalLeaveQuerySection
                • String ID:
                • API String ID: 2006288-0
                • Opcode ID: 6f35eb7db4e4a76644e042df981321757dc8b79510c58313495dbcc33ddb23a0
                • Instruction ID: 9da984b7dceba82d919260bf4284b481110bf3104a298040223317a685e3d872
                • Opcode Fuzzy Hash: 6f35eb7db4e4a76644e042df981321757dc8b79510c58313495dbcc33ddb23a0
                • Instruction Fuzzy Hash: 80119276628E80C6DB508B66E44061EB7A0F789B94F504226EB8D43B68CF3DC549CB04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Virtual$Protect$CriticalEnterQuerySection
                • String ID:
                • API String ID: 2670832257-0
                • Opcode ID: 59597dd2451da54cd602cab7bd477533b025bb812c6e7ba2c2f25d9824cdeadd
                • Instruction ID: edd2fc90ce49dfdd76d4a3ede8e0667cc7c96c69d8e91ac786c941b48dacbe74
                • Opcode Fuzzy Hash: 59597dd2451da54cd602cab7bd477533b025bb812c6e7ba2c2f25d9824cdeadd
                • Instruction Fuzzy Hash: 23015E76628E80C6DA50DB6AE45461AB7A4F7C8BA4F504226EB8D43B38CF3CC554CF04
                APIs
                Strings
                • AgileDotNet, xrefs: 00007FFE13303036
                • This application requires .NET Framework 2.0 in order to run properly. Please verify that .NET framework 2.0 is installed on the, xrefs: 00007FFE1330303D
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: ExitMessageProcess
                • String ID: AgileDotNet$This application requires .NET Framework 2.0 in order to run properly. Please verify that .NET framework 2.0 is installed on the
                • API String ID: 1220098344-543017848
                • Opcode ID: e4d37aac3d1c3c0b30195843f6adabed925b3a0cb80ff3edda9355ac895cedaa
                • Instruction ID: be554e52a86bdda6d1c0c50842982a8df3aadea1496c914722db38b823a7f269
                • Opcode Fuzzy Hash: e4d37aac3d1c3c0b30195843f6adabed925b3a0cb80ff3edda9355ac895cedaa
                • Instruction Fuzzy Hash: 6BD01764F08D078AE6446767A8412F9A254AF387A8FC004B1E06DA61B3DD5DE1868399
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$FreeProcess
                • String ID:
                • API String ID: 3859560861-0
                • Opcode ID: 97b04d9ad609d5a0e2ef50727695d97238f2d6be919eb000c3c8d20340ee418d
                • Instruction ID: 225b4eb4269ce2121afa46ae80fb212c764e18e302af5df4ff8af33b6d183bd4
                • Opcode Fuzzy Hash: 97b04d9ad609d5a0e2ef50727695d97238f2d6be919eb000c3c8d20340ee418d
                • Instruction Fuzzy Hash: A611D636A18F41CAD660CB5AE48432EA7A0FBD8BA4F104176EA9E53778DF7CD1458B04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1725765280.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                • Associated: 00000000.00000002.1725748037.00007FFE13300000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725788114.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725828532.00007FFE13312000.00000004.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725852927.00007FFE13313000.00000002.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725869627.00007FFE13315000.00000040.00000001.01000000.00000006.sdmp
                • Associated: 00000000.00000002.1725885273.00007FFE13316000.00000080.00000001.01000000.00000006.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffe13300000_Lic.jbxd
                Similarity
                • API ID: Heap$AllocProcess
                • String ID:
                • API String ID: 1617791916-0
                • Opcode ID: b0356d0bae4686313ba9b52df9f4365dc7888078af5079ade7b6e256e4e57d58
                • Instruction ID: d3a843234f1df26af88e2645590a8af7144c70ee23c03930e945dad0b97ee43c
                • Opcode Fuzzy Hash: b0356d0bae4686313ba9b52df9f4365dc7888078af5079ade7b6e256e4e57d58
                • Instruction Fuzzy Hash: F7E06561E18F82C5E684DB63B84836AA3A0FF98754F004075E9AE52635DF3CD0448604